Microsoft Rushes a Fix After May Patch Tuesday Breaks Authentication

  /     /     /  
Publicated : 23/11/2024   Category : security

Microsoft Rushes a Fix After May Patch Tuesday Breaks Authentication


Two of Microsofts Patch Tuesday updates need a do-over after causing certificate-based authentication errors.


If you updated servers running Active Directory Certificate Services and Window domain controllers responsible for certificate-based authentication with Microsofts May 10 Patch Tuesday update, you may need a re-do. 
The company said the original patch for CVE-2022-26931 and CVE-2022-26923 was intended to stop certificate spoofing via privilege escalation, but an unintended consequence of the fix was a rash of authentication errors. So, it rushed a new patch, available as of Thursday.
After installing the original Patch Tuesday updates, several Reddit users complained of certificate-authentication errors in r/sysadmin
subreddit Patch Tuesday Megathread
for May 10. 
My [Network Policy Server] NPS policies (with certificate auth) have been failing to work since the update, stating Authentication failed due to a user credentials mismatch, Reddit user RiceeeChrispies wrote. Either the user name provided does not map to an existing account, or the password was incorrect.”
Microsoft added that once the update is installed, it wont be necessary to renew client-authentication certificates. 
Renewal is not required, Microsoft said in its statement acknowledging the
authentication errors
. The CA will ship in Compatibility Mode. If you want a strong mapping using the ObjectSID extension, you will need a new certificate.

Last News

▸ ArcSight prepares for future at user conference post HP acquisition. ◂
Discovered: 07/01/2025
Category: security
▸ Samsung Epic 4G: First To Use Media Hub ◂
Discovered: 07/01/2025
Category: security
▸ Many third-party software fails security tests ◂
Discovered: 07/01/2025
Category: security


Cyber Security Categories
Google Dorks Database
 		Exploits Vulnerability
 		Exploit Shellcodes

CVE List
 		Tools/Apps
 		News/Aarticles

Phishing Database
 		Deepfake Detection
 		Trends/Statistics & Live Infos



Tags:
Microsoft Rushes a Fix After May Patch Tuesday Breaks Authentication