Microsoft May Patch Tuesday Causes AD Authentication Failures
Microsoft is investigating an issue causing authentication errors for certain Windows services following its rollout of updates in this month's Patch Tuesday.
After the latest updates, Windows system administrators reported various policy failures. Afflicted systems prompted sysadmins with the message: "Authentication failed due to a user credentials mismatch. Either the user name provided does not map to an existing account, or the password was incorrect."
The situation affects both client and server Windows platforms, as well as systems running various versions of Windows, including Windows Server 2022 and Windows 11, the latest releases.
Microsoft says the issue only affects servers used as domain controllers that received the Patch Tuesday monthly updates. Installing the patches on client Windows devices and Windows servers not used as domain controllers shouldn't lead to authentication failures, it said.
"After installing updates released May 10, 2022 on your domain controllers, you might see authentication failures on the server or client for services such as Network Policy Server (NPS), Routing and Remote access Service (RRAS), Radius, Extensible Authentication Protocol (EAP), and Protected Extensible Authentication Protocol (PEAP)," a status update document reads.
According to Microsoft, security updates addressing two elevations of privilege Windows Kerberos and Active Directory Domain Services vulnerabilities triggered the authentication failures.
The May updates change the Kerberos Distribution Center to Compatibility mode by automatically setting the StrongCertificateBindingEnforcement registry key. This, in turn, allows all authentication attempts if the certificate is not older than the user.
As BleepingComputer reported, Windows admins are already identifying workarounds, and the most popular one seems to be locating the StrongCertificateBindingEnforcement registry key and setting it to 0 (zero). Microsoft strongly recommends against this and suggests system administrators map certificates manually to a machine account in Active Directory until an official patch is available.
Microsoft's May Patch Tuesday fixes 74 security flaws, including a high-severity, actively exploited vulnerability that could "let unauthenticated attackers coerce the domain controller to authenticate to the attacker using NTLM."
Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside
June 28, 2022
Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online
June 28, 2022
Bitdefender Reveals the Top Cyber Threats Faced by Consumers in 2021
June 22, 2022
Scam alert: Cybercrooks use shady investment domain to scam keen investors out of money and data
May 24, 2022
John Oliver Shows the Dark Side of Data Brokerage on Last Week Tonight
April 15, 2022
Bitdefender Labs Warns of Phishing Scams Targeting MetaMask Users
April 14, 2022