Microsoft Rushes a Fix After May Patch Tuesday Breaks Authentication

  /     /     /  
Publicated : 23/11/2024   Category : security


Microsoft Rushes a Fix After May Patch Tuesday Breaks Authentication


Two of Microsofts Patch Tuesday updates need a do-over after causing certificate-based authentication errors.



If you updated servers running Active Directory Certificate Services and Window domain controllers responsible for certificate-based authentication with Microsofts May 10 Patch Tuesday update, you may need a re-do. 
The company said the original patch for CVE-2022-26931 and CVE-2022-26923 was intended to stop certificate spoofing via privilege escalation, but an unintended consequence of the fix was a rash of authentication errors. So, it rushed a new patch, available as of Thursday.
After installing the original Patch Tuesday updates, several Reddit users complained of certificate-authentication errors in r/sysadmin
subreddit Patch Tuesday Megathread
for May 10. 
My [Network Policy Server] NPS policies (with certificate auth) have been failing to work since the update, stating Authentication failed due to a user credentials mismatch, Reddit user RiceeeChrispies wrote. Either the user name provided does not map to an existing account, or the password was incorrect.”
Microsoft added that once the update is installed, it wont be necessary to renew client-authentication certificates. 
Renewal is not required, Microsoft said in its statement acknowledging the
authentication errors
. The CA will ship in Compatibility Mode. If you want a strong mapping using the ObjectSID extension, you will need a new certificate.

Last News

▸ Car Sector Speeds Up In Security. ◂
Discovered: 23/12/2024
Category: security

▸ Making use of a homemade Android army ◂
Discovered: 23/12/2024
Category: security

▸ CryptoWall is more widespread but less lucrative than CryptoLocker. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Microsoft Rushes a Fix After May Patch Tuesday Breaks Authentication