Microsoft emergency updates fix Windows AD authentication issues

Microsoft has launched emergency out-of-band (OOB) updates to address Active Listing (Ad) authentication issues just after installing Windows Updates issued through the May well 2022 Patch Tuesday on area controllers.

The firm has been operating on a fix for this known challenge causing authentication failures for some Home windows companies because May well 12.

“Immediately after installing updates unveiled May well 10, 2022 on your domain controllers, you may see authentication failures on the server or shopper for expert services these as Network Policy Server (NPS), Routing and Remote obtain Service (RRAS), Radius, Extensible Authentication Protocol (EAP), and Shielded Extensible Authentication Protocol (PEAP),” Microsoft stated.

“An concern has been located connected to how the mapping of certificates to equipment accounts is staying taken care of by the domain controller.”

The OOB Windows updates introduced nowadays are offered only via the Microsoft Update Catalog and will not be made available through Home windows Update.

The enterprise released the adhering to cumulative updates for installation on Area Controllers (no motion wanted on the customer-aspect):

Microsoft also introduced standalone updates: 

These updates can be manually imported into Home windows Server Update Services (WSUS) and Microsoft Endpoint Configuration Manager.

You can come across WSUS recommendations on the WSUS and the Catalog Web page and Configuration Supervisor instructions on the Import updates from the Microsoft Update Catalog page.

“If you are using safety only updates for these variations of Home windows Server, you only require to put in these updates for the month of May well,” Microsoft added.

“If you are applying Month to month Rollup updates, you will require to put in both equally the standalone update stated higher than, and the Month to month rollups released May possibly 10, 2022.” 

Because this identified concern was uncovered, Cybersecurity and Infrastructure Safety Agency (CISA) experienced to remove a Windows security flaw from its catalog of regarded exploited bugs (an actively abused Windows LSA spoofing zero-day tracked as CVE-2022-26925) owing to the auth challenges caused by May well 2022 updates when deployed on area controllers.

In November 2021, Microsoft produced another round of out-of-band updates to address an difficulty causing Windows Server authentication failures associated to Kerberos delegation situations impacting area controllers.