Microsoft released the KB5007651 update for Windows Defender in March this year, which will force users to install it.
However, some users reported that after installing the update, Windows Security displayed “Local Security authority protection is off. Your device may be vulnerable” (local security authority protection has been turned off. Your device may be attacked).
LSA contains the Local Security Authority Server Service (LSASS) process that authenticates users for local and remote logins and enforces local security policies.
Windows 8.1 operating systems and later provide additional protection for LSA to prevent unprotected processes from reading memory and injecting code. This feature provides increased security for credentials stored and managed by the LSA.
Microsoft now acknowledges the issues and has suspended pushing KB5007651 to users, and will resume updates after the issue is resolved.