Some Windows updates can actually compromise your security.

After shipping the latest Patch Tuesday update, Microsoft is investigating known issues that cause authentication failures in several Windows services.

According to BleepingComputer, the software giant began investigating the issue after Windows administrators started sharing reports of policies that failed after the May 2022 Patch Tuesday update was installed.

One admin reported that after installing the update, the following error message started appearing: “Authentication failed due to user credential mismatch. Either the supplied username does not map to an existing account or the password is incorrect.”

The issue affects client and server Windows platforms and systems, including systems running Windows 11 and Windows Server 2022, but Microsoft says it only occurs after updates are installed on servers used as domain controllers.

In a support document, the company explained that the authentication failure can occur in services such as Network Policy Server (NPS), Routing and Remote Access Service (RRAS), RADIUS, Extensible Authentication Protocol (EAP), and Protected Extensible Authentication Protocol (PEAP).


In a separate support document, Microsoft detailed these service authentication issues, stating that they are caused by a security update that addresses an elevation of privilege vulnerability in Windows Kerberos and in Active Directory Domain Services.

The vulnerability in Microsoft Active Directory Domain Services (tracked as CVE-2022-26923) has a high CVSS score of 8.8, and if left unpatched, an attacker could exploit it to elevate an account’s privileges to those of a domain administrator. The vulnerability in Windows Kerberos (CVE-2022-26931) also carries a high-severity CVSS score of 7.5.

To work around these authentication issues, Microsoft suggests that Windows administrators manually map certificates to computer accounts in Active Directory; administrators can also use the Kerberos Operational logs to determine which domain controllers are failing logins.

Still, one Windows administrator told BleepingComputer that after installing the latest Patch Tuesday update, the only way to get some users to log in was to disable enforcement by setting the StrongCertificateBindingEnforcement registry key to 0. This registry key changes the enforcement mode of the Kerberos Key Distribution Center (KDC), putting it into compatibility mode.
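Before touching the registry key, an administrator will usually want to know what enforcement mode a domain controller is currently in and how many certificate-mapping failures the KDC is actually logging. The PowerShell below is an added example, not code from the article or from Microsoft; it assumes the registry path, value meanings and KDC audit event IDs (39, 40, 41) as documented in Microsoft's KB5014754 guidance, and the Operational log name used there. It is read-only: it reports the mode and summarizes events, and never changes StrongCertificateBindingEnforcement.

```powershell
# Added example (not from the article): audit a domain controller's KDC
# enforcement mode and summarize certificate-mapping failure events.
# Registry path, value meanings and event IDs follow Microsoft's KB5014754
# documentation; verify them against the KB before relying on them.
# Run on a domain controller with an elevated PowerShell session.

$KdcKeyPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\Kdc'
$KdcLogName = 'Microsoft-Windows-Kerberos-Key-Distribution-Center/Operational'

function Get-KdcEnforcementMode {
    # Returns the StrongCertificateBindingEnforcement value and what it means.
    # A missing value means the post-update default (compatibility mode) applies.
    $prop = Get-ItemProperty -Path $KdcKeyPath `
        -Name 'StrongCertificateBindingEnforcement' -ErrorAction SilentlyContinue
    $value = if ($null -eq $prop) { $null } else { $prop.StrongCertificateBindingEnforcement }
    $meaning = switch ($value) {
        0       { 'Disabled: strong certificate mapping check is off (weak mappings accepted)' }
        1       { 'Compatibility mode: weak mappings still accepted, failures are audited' }
        2       { 'Full enforcement: certificates without a strong mapping are rejected' }
        default { 'Not set: the update default (compatibility mode) applies' }
    }
    [pscustomobject]@{ Value = $value; Meaning = $meaning }
}

function Get-CertMappingEvents {
    param([datetime]$Since = (Get-Date).AddDays(-1))
    # Event IDs 39, 40 and 41 are the KDC audit events KB5014754 documents for
    # certificates that could not be strongly mapped to an account.
    Get-WinEvent -FilterHashtable @{
        LogName   = $KdcLogName
        Id        = 39, 40, 41
        StartTime = $Since
    } -ErrorAction SilentlyContinue
}

function Get-CertMappingSummary {
    param([Parameter(ValueFromPipeline)] $Event)
    # Groups the events by ID so an admin can see which failure kind dominates
    # before deciding which accounts need explicit altSecurityIdentities mappings.
    begin { $all = @() }
    process { if ($null -ne $Event) { $all += $Event } }
    end {
        $all | Group-Object -Property Id | ForEach-Object {
            [pscustomobject]@{
                EventId = [int]$_.Name
                Count   = $_.Count
                Sample  = ($_.Group | Select-Object -First 1).Message
            }
        }
    }
}

Get-KdcEnforcementMode
Get-CertMappingEvents | Get-CertMappingSummary | Format-Table -AutoSize -Wrap
```

Running this on each domain controller gives a per-DC picture of the mode and of the affected certificates, which is what the manual mapping workaround in Microsoft's guidance needs as input; the event messages name the certificate and account involved, so the summary doubles as a worklist.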

Now that Microsoft is actively investigating these issues and has provided a workaround, a proper fix should be available soon, or at least in the next Patch Tuesday update in June.

Via BleepingComputer
