MENU
Solve your Windows problems. Support a comfortable PC life.

KB5068861 fixes Task Manager bug! But beware of changes to "LSA Protection" specifications (new bug?)

Ads
This article has 4 comments.

On November 11, 2025, the November monthly security update "KB5068861Has been released.

This update is very important as it fixes several "flaws" caused by last month's preview update "KB5067036" that troubled many users (including me).

In this article, I tested in my environment what KB5068861 fixed and whether any new problems had occurred.

table of contents

1. [Good news] The bug in KB5067036 has been fixed

First, the good news is that the following serious issues caused by last month's preview update "KB5067036" have been fixed by applying this "KB5068861" update.Fully resolvedI have confirmed that.

① Fixed the issue where the Task Manager remained (became a zombie)

After applying "KB5067036", even if you close the Task Manager with the "x" button, the process (Taskmgr.exe) does not end, and there was a risk of memory leak.It was nicely fixed.

② Fixed the problem of file extension display in Explorer

In my environment, I confirmed that "KB5067036" caused "Even if you set the extension to hidden,.dll,.cplThere is also a bug in Explorer that causes file extensions such as ".It has been corrected to normalI have confirmed that.

(Microsoft's official release notes mention the Task Manager issue, but don't specifically mention this fix for Windows Explorer.)

2. [New phenomenon] LSA Protection (Local Security Authority Protection) blocks DLL loading

The problem was fixed, and I thought I could finally relax, but unfortunately, in my environment,Another new phenomenonhas been confirmed.

After installing KB5068861, some apps (such as third-party tools) that previously worked without problems now display a Program Compatibility Assistant dialog box when launched.

"This module has been blocked from loading by the Local Security Authority: ….mdnsNSP.dll'

This module has been blocked from loading by the Local Security Authority.

This is a phenomenon in which the Local Security Authority (LSA) Protection, an important feature of Windows security, determines that a specific DLL file (program component) required by an app is "untrusted" and blocks it from being loaded into memory.

Attention! How to check if Windows 11 "Local Security Authority Protection" is enabled

mdnsNSP.dllIt is,Apple's Bonjour serviceis a component of.

Popular apps:

  • iTunes: It is used by PCs to communicate with Apple TV and the "Remote" app on iPhones/iPads.
  • iCloud for Windows: Used for printer sharing (AirPrint), photo syncing, etc.
  • Some third-party software, such as Adobe Creative Suite, may also install it for network functionality.

2025/11/13 Update:

This blockedmdnsNSP.dllis the file for Apple's Bonjour service,Backup software with NAS detection, such as Acronis True ImageIt may be installed by.

*In the author's environment, it was confirmed that it was installed at the same time as installing Acronis True Image 2025 (permanent version).

Acronis True Image 2025 (perpetual version) 1PC
To avoid panicking if your PC suddenly breaks down, it's a good idea to have a standard backup software to protect your important photos and data.
View on Amazon

Why does LSA protection block this DLL?

  1. Enhanced LSA protection: This update enables the Local Security Authority (LSA), the core of Windows security, to:DLLs that are not signed by Microsoft or safety verified is loaded into its own memory space,Stricter BlockingI guess that's what they started doing.
  2. mdnsNSP.dllHow it works: This Apple DLL acts as a network service provider (NSP) and appears to be heavily involved in Windows networking (and the authentication process involving the LSA).
  3. Blocking occurs: LSA Protection (based on its new, stricter rules) has determined that this Apple DLL is "untrusted code" andBlocked from loading due to "potential security risk"It was.

This phenomenon appears to have occurred in the past.

Summary: Should it be applied?

This "KB5068861" fixes serious issues caused by "KB5067036" (such as zombie Task Manager).Important monthly updatesIf you have installed "KB5067036" (preview version),Must be applied.

However, if you encounter an "LSA Protection" issue where a specific app stops working properly after applying "KB5068861," it's possible that the app is not compliant with LSA Protection (i.e., is operating in a security-shady manner).

In that case,

  1. App developerPlease update to support Windows 11 LSA protection.Recommendation
  2. (Not recommended and at your own risk) If you absolutely need to use the app, temporarily disable "Local Security Authority Protection" from "Windows Security" -> "Device Security" -> "Core Isolation" details.offTo

(Note: Operation 2 is not recommended as it will lower the security level.)

If you have any information about whether DLL blocking due to LSA protection is occurring in your environment, we would appreciate it if you could let us know in the comments section.

Windows Windows Bug Information troubleshooting Windows Update issues Application Issues
If you found this article helpful, please share it on social media.

Person who wrote this article

wenbang's avatar wenbang

Driven by questions arising from my daily PC use and the desire to "do more," I have been pursuing self-study in Windows since around 2008. I am sharing the "aha!" techniques and solutions I discovered through trial and error with the sole purpose of helping you in your PC life.

View profile

Comment:

Comment list (4)

  • In my environment, I have only "Memory Integrity" turned off, and "Local Security Authority Protection" and "Microsoft Vulnerable Driver Blocklist" turned on, but I have enabled Apple's Bonjour service and can use software called rtpMIDI to find my iPad from my PC via Bonjour, connect the iPad as a MIDI device, and play MIDI files on my PC from my iPad without any problems.

    Reply

    • Thank you very much, Arom, for reporting your very important and valuable verification results.

      The information that "Apple's Bonjour Service (rtpMIDI)" works without any problems even with "LSA Protection On" gets to the heart of the matter.

      In my environment, I confirmed that mdnsNSP.dll was blocked after applying KB5068861.
      *We have confirmed that the Bonjour service (version 3.0.0.10) was installed at the same time as the previously installed Acronis True Image 2025 (perpetual version).

      The fact that it works properly in your environment is conclusive evidence that LSA protection does not block all of Bonjour.
      It may depend on the version and the app.

      Reply

  • I'm not sure if this is related, but I started up my PC and left it for a while.
    When I opened it after about 2 hours, a screen suddenly appeared asking me to go into safe mode or something, so I first tried starting a new repair mode, but that didn't work, so I turned off the PC and let it discharge.
    Then it starts normally.
    - The compatibility assistant screen for LSA Protection (Local Security Authority Protection) is not currently displayed.
    iTunes starts up normally.

    Reply

    • Thank you very much for sharing your valuable information.

      First of all, thank you for letting us know that the Compatibility Assistant screen caused by LSA Protection (Local Security Authority Protection) does not occur in your environment (iTunes). It seems to be an environment-dependent issue that occurs in combination with certain apps.
      In my environment, I confirmed that the Bonjour service was installed at the same time as installing Acronis True Image 2025 (perpetual version).

      "Automatic Repair" may have malfunctioned
      The main issue is the phenomenon where "after leaving the PC for two hours, a screen prompting you to enter safe mode suddenly appeared," and this is a very important report.

      This appears to be a (possibly erroneous) activation of Windows' "Automatic Repair" feature.
      It is possible that applying KB5068861 caused a temporary error during background maintenance while the OS was idle, leading to the system mistaking it for not starting up properly. As a result, the next time you tried to operate your PC (such as waking it up from sleep), Automatic Repair (WinRE) would start up.

      The fact that you were able to boot normally by "powering off and discharging (cold boot)" likely means that there was no serious damage to the system and that a temporary error flag was reset.

      Reply

To comment

[About submissions]
We welcome any questions or information regarding the content of the article.
However, please note that content unrelated to the purpose of the article, criticism of specific individuals or organizations, offensive language,Inappropriate wordsComments containing the above may be deleted or made private without notice at the discretion of the administrator.
Please note that spam may be automatically deleted by anti-spam measures.

CAPTCHA


table of contents