FIX: Security token leak when you run more than two PowerShell steps by using a proxy account in a SQL Server Agent job

Article translations Article translations
Article ID: 2791496 - View products that this article applies to.
Microsoft distributes Microsoft SQL Server 2012 Service Pack 1 fixes as one downloadable file. Because the fixes are cumulative, each new release contains all the hotfixes and all the security fixes that were included with the previous SQL Server 2012 Service Pack 1 fix release.
Expand all | Collapse all

On This Page

Symptoms

Assume that you use a proxy account to run more than two Windows PowerShell steps at the same time in a SQL Server Agent job in Microsoft SQL Server 2012. In this situation, a security token leak occurs. Additionally, the Local Security Authority Security Subsystem process (Lsass.exe) consumes a large amount of memory, and the server may freeze.

Cause

This issue occurs because a new security token is re-created unexpectedly, and the handle for the previous security token is lost and cannot be closed.

Resolution

Cumulative update information

Cumulative Update 3 for SQL Server 2012 SP1

The fix for this issue was first released in Cumulative Update 3. For more information about how to obtain this cumulative update package for SQL Server 2012 SP1, click the following article number to view the article in the Microsoft Knowledge Base:
2812412 Cumulative update package 3 for SQL Server 2012 Service Pack 1
Note Because the builds are cumulative, each new fix release contains all the hotfixes and all the security fixes that were included with the previous SQL Server 2012 SP1 fix release. We recommend that you consider applying the most recent fix release that contains this hotfix. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
2772858 The SQL Server 2012 builds that were released after SQL Server 2012 Service Pack 1 was released

Status

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

Workaround

To work around this issue, apply one of the following methods:
  • Do not run multiple PowerShell steps at the same time.
  • Do not run the PowerShell steps by using a proxy account.
  • Use an operating system (CmdExec)Job Step type to run the PowerShell script.

References

For more information about how to run Windows PowerShell Steps in SQL Server Agent, go to the following MSDN website:
How to run Windows PowerShell steps in SQL Server Agent
For more information about the Incremental Servicing Model for SQL Server, click the following article number to view the article in the Microsoft Knowledge Base:
935897 An Incremental Servicing Model is available from the SQL Server team to deliver hotfixes for reported problems
For more information about the naming schema for SQL Server updates, click the following article number to view the article in the Microsoft Knowledge Base:
822499 Naming schema for Microsoft SQL Server software update packages
For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:
824684 Description of the standard terminology that is used to describe Microsoft software updates

Properties

Article ID: 2791496 - Last Review: April 12, 2013 - Revision: 3.0
Applies to
  • Microsoft SQL Server 2012 Service Pack 1, when used with:
    • Microsoft SQL Server 2012 Enterprise
    • Microsoft SQL Server 2012 Business Intelligence
    • Microsoft SQL Server 2012 Developer
    • Microsoft SQL Server 2012 Standard
    • Microsoft SQL Server 2012 Web
    • SQL Server 2012 Enterprise Core
Keywords: 
kbqfe kbfix KB2791496

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com