Windows 10 update is causing forced reboots

Microsoft has confirmed that the June Windows 10 Patch Tuesday updates are causing computers to crash due to a failure in Isass.exe, the Local Security Authority Subsystem Service (LSASS) file.

The bug appears in the KB articles for updates to Windows 10 version 1809 (KB4561608), versions 1903 and 1909 (KB4560960), and version 2004 (KB4557957). The LSASS failure also affects the June 16 out-of-band update for printers that failed to work following the Patch Tuesday update.

Microsoft published the following statement: "The Local Security Authority Subsystem Service (LSASS) file (lsass.exe) might fail on some devices with the error message, 'A critical system process, C:\WINDOWS\system32\lsass.exe, failed with status code c0000008. The machine must now be restarted'."

Microsoft will release a fix in a future update. It’s not clear whether the bug affects earlier versions of Windows 10.

While the June updates appear to be the cause of the LSASS reboots, Bleeping Computer published a user report in May about computers running Windows 10 version 1809 displaying the same error code. One user stated, "Event Viewer Log shows that LSASS.exe crashed on the first boot with error c0000008 and then all services failed to authenticate after, which probably caused the crash.”

Microsoft will publish optional nonsecurity update releases (C and D week releases) for Windows 10 and Windows Server, version 1809 and later, in July. These preview releases were paused in March to reduce IT admins’ workload due to the coronavirus.

They’ll be delivered in the third week of each month, enabling admins to test them during the next month’s Patch Tuesday update.