1 min read

Microsoft May Patch Tuesday Causes AD Authentication Failures

Vlad CONSTANTINESCU
Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Microsoft May Patch Tuesday Causes AD Authentication Failures

Microsoft is investigating an issue causing authentication errors for certain Windows services following its rollout of updates in this month's Patch Tuesday.

After the latest updates, Windows system administrators reported various policy failures. Afflicted systems prompted sysadmins with the message: "Authentication failed due to a user credentials mismatch. Either the user name provided does not map to an existing account, or the password was incorrect."

The situation affects both client and server Windows platforms, as well as systems running various versions of Windows, including Windows Server 2022 and Windows 11, the latest releases.

Microsoft says the issue only affects servers used as domain controllers that received the Patch Tuesday monthly updates. Installing the patches on client Windows devices and Windows servers not used as domain controllers shouldn't lead to authentication failures, it said.

"After installing updates released May 10, 2022 on your domain controllers, you might see authentication failures on the server or client for services such as Network Policy Server (NPS), Routing and Remote access Service (RRAS), Radius, Extensible Authentication Protocol (EAP), and Protected Extensible Authentication Protocol (PEAP)," a status update document reads.

According to Microsoft, security updates addressing two elevations of privilege Windows Kerberos and Active Directory Domain Services vulnerabilities triggered the authentication failures.

The May updates change the Kerberos Distribution Center to Compatibility mode by automatically setting the StrongCertificateBindingEnforcement registry key. This, in turn, allows all authentication attempts if the certificate is not older than the user.

As BleepingComputer reported, Windows admins are already identifying workarounds, and the most popular one seems to be locating the StrongCertificateBindingEnforcement registry key and setting it to 0 (zero). Microsoft strongly recommends against this and suggests system administrators map certificates manually to a machine account in Active Directory until an official patch is available.

Microsoft's May Patch Tuesday fixes 74 security flaws, including a high-severity, actively exploited vulnerability that could "let unauthenticated attackers coerce the domain controller to authenticate to the attacker using NTLM."

tags


Author



Right now

Top posts

Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside

Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside

June 28, 2022

2 min read
Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online

Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online

June 28, 2022

3 min read
Bitdefender Reveals the Top Cyber Threats Faced by Consumers in 2021

Bitdefender Reveals the Top Cyber Threats Faced by Consumers in 2021

June 22, 2022

1 min read
Scam alert: Cybercrooks use shady investment domain to scam keen investors out of money and data

Scam alert: Cybercrooks use shady investment domain to scam keen investors out of money and data

May 24, 2022

3 min read
John Oliver Shows the Dark Side of Data Brokerage on Last Week Tonight

John Oliver Shows the Dark Side of Data Brokerage on Last Week Tonight

April 15, 2022

3 min read
Bitdefender Labs Warns of Phishing Scams Targeting MetaMask Users

Bitdefender Labs Warns of Phishing Scams Targeting MetaMask Users

April 14, 2022

3 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

AMD held to ransom by gang that claims 450GB of data has been stolen AMD held to ransom by gang that claims 450GB of data has been stolen
Graham CLULEY

July 01, 2022

2 min read
South Korean Cybersecurity Agency Released Free Decryptor for Hive Ransomware Victims South Korean Cybersecurity Agency Released Free Decryptor for Hive Ransomware Victims
Vlad CONSTANTINESCU

July 01, 2022

1 min read
Ukrainian Phishers face 15 Years behind Bars after Defrauding Fellow Citizens with Fake Relief Claims Ukrainian Phishers face 15 Years behind Bars after Defrauding Fellow Citizens with Fake Relief Claims
Filip TRUȚĂ

June 30, 2022

1 min read