Microsoft's out-of-band patch fixes Windows AD authentication failures

Microsoft has released an out-of-band patch to fix authentication failures on Windows after installing the May 10, 2022 security update on Windows Server domain controllers. 

The new update should fix authentication failures that affected services such as Network Policy Server (NPS), Routing and Remote Access Service (RRAS), RADIUS, Extensible Authentication Protocol (EAP), and Protected Extensible Authentication Protocol (PEAP).

“An issue has been found related to how the mapping of certificates to machine accounts is being handled by the domain controller,” Microsoft explained. 


The US Cybersecurity and Infrastructure Security Agency (CISA) this week pulled Microsoft’s fix for the bug CVE-2022-26925 from its list of known exploited vulnerabilities that federal agencies must patch within a given timeframe.  

The bug was a Local Security Authority (LSA) spoofing vulnerability. Details of the bug have been publicly disclosed and exploits exist for it. 

An unauthenticated attacker could “call a method on the LSARPC interface and coerce the domain controller to authenticate to the attacker using NTLM. This security update detects anonymous connection attempts in LSARPC and disallows it,” Microsoft said. 

The bug would have a

Read More: https://www.zdnet.com/article/microsofts-out-of-band-patch-fixes-windows-ad-authentication-failures/#ftag=RSSbaffb68