Some Windows updates might actually hurt your security

Latest round of Patch Tuesday updates is causing authentication failures

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Following the deployment of its latest round ofPatch Tuesdayupdates,Microsoftis currently investigating a known issue that leads to authentication failures for a number of Windows services.

According toBleepingComputer, the software giant began looking into these issues after Windows admins began sharing reports of certain policies failing after installing its May 2022 Patch Tuesday updates.

Share your thoughts on Cybersecurity and get a free copy of the Hacker’s Manual 2022. Help us find how businesses are preparing for the post-Covid world and the implications of these activities on their cybersecurity plans. Enter your email at theend of this surveyto get the bookazine, worth $10.99/£10.99.

These admins reported that after installing the updates they began seeing the following error message: “Authentication failed due to a user credentials mismatch. Either the user name provided does not map to an existing account or the password was incorrect.”

While this issue impacts client and server Windows platforms and systems including those runningWindows 11andWindows Server 2022, Microsoft says that it is only triggered after updates are installed on servers that are being used asdomain controllers.

In asupport document, the company explained that authentication failures may occur for a number of services including Network Policy Server (NPS), Routing and Remote access Service (RRAS), Radius, Extensible Authentication Protocol (EAP), and Protected Extensible Authentication Protocol (PEAP).

Failure to authenticate

In aseparate support document, Microsoft went into further detail regarding these service authentication problems by explaining that they are caused by security updates that address privilege escalation vulnerabilities in Windows Kerberos and its Active Directory Domain Services.

The vulnerability in Microsoft’s Active Directory Domain Services (tracked asCVE-2022-26923) has a high severity CVSS score of 8.8 and if left unpatched, can be exploited by an attacker to elevate the privileges of an account to those of a domain admin. Meanwhile, the vulnerability in Windows Kerberos (tracked asCVE-2022-26931) also has a high severity CVSS score of 7.5.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Microsoft to admins: These are the Windows Update policies you should be using>Microsoft is working on fixing the fiddliest part of Windows updates>How to fix a stuck Windows update

To mitigate these authentication issues, Microsoft suggests that Windows admins manually map certificates to a machine account inActive Directorythough it also suggests using the Kerberos Operational log to see which domain controller is failing to sign in.

Still though, one Windows admin that spoke toBleepingComputersaid that the only way they were able to get some of their users to log in following the installation of the latest Patch Tuesday updates was by disabling the StrongCertificateBindingEnforcement registry key by setting it to 0. This registry key is used to change the enforcement mode of the company’s Kerberos Distribution Center (KDC) to Compatibility mode.

Now that Microsoft is actively investigating these issues and coming up with workarounds, a proper fix should arrive soon or at least during its next Patch Tuesday updates in June.

ViaBleepingComputer

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.

This new phishing strategy utilizes GitHub comments to distribute malware

Should your VPN always be on?

NYT Strands today — hints, answers and spangram for Sunday, November 10 (game #252)