Microsoft panics Windows 11 users with 'Local Security Authority protection is off' warning

Users of Windows 11 have been concerned by the appearance of a message that reads: "Local Security protection is off. Your device may be vulnerable". Microsoft is blaming a recent update (KB5007651) for the warning which implies that an important security feature has been disabled.

The issue affects Windows 11 version 21H2 and 22H2, and those hit by the message have been left confused about what they need to do. So what is going on?

See also:

• Microsoft is changing the release schedule for Windows update previews
• Windows 11 Snipping Tool has a serious privacy flaw that can expose information cropped out of screenshots
• Microsoft is giving free USB drives to Windows 11 users

Users have been confused by the sudden appearance of a warning when nothing has changed with their system. Confusion has been heightened by the fact that despite Windows 11 complaining that LSA is disabled, this is in fact not the case. Microsoft has provided some information about the message in a new entry on the Windows Release Health pages.

Explaining the issues, the company says:

After installing "Update for Microsoft Defender Antivirus antimalware platform -- KB5007651 (Version 1.0.2302.21002)", you might receive a security notification or warning stating that "Local Security protection is off. Your device may be vulnerable." and once protections are enabled, your Windows device might persistently prompt that a restart is required. Important: This issue affects only "Update for Microsoft Defender Antivirus antimalware platform -- KB5007651 (Version 1.0.2302.21002)". All other Windows updates released on March 14, 2023 for affected platforms (KB5023706 and KB5023698), do not cause this issue.

Despite Microsoft’s description of the issue, some users that are seeing the warning message say that it appeared after installing the KB5023706 update, not the KB5007651 update.

The company says that it is working on a resolution which will be released in a future update, but offers the following workaround in the meantime:

If you have enabled Local Security Authority (LSA) protection and have restarted your device at least once, you can dismiss warning notifications and ignore any additional notifications prompting for a restart. You can verify that LSA protection is enabled by looking in Event Viewer using the information available here. Important: Currently, we do not recommend any other workaround for this issue.

For now, the solution is to simply ignore the warning, but this will do nothing to quell the panic and concern that the appearance of the message has caused for users who have not seen this advice. The average user, of course, has no way of differentiating between system errors and warnings that can be ignored and those that need to be acted upon.

More information is available here.

Image credit: mundissima / Shutterstock