Oh no, you're thinking, yet another cookie pop-up. Well, sorry, it's the law. We measure how many people read us, and ensure you see relevant ads, by storing cookies on your device. If you're cool with that, hit “Accept all Cookies”. For more info and to customize your settings, hit “Customize Settings”.

Review and manage your consent

Here's an overview of our use of cookies, similar technologies and how to manage them. You can also change your choices at any time, by hitting the “Your Consent Options” link on the site's footer.

Manage Cookie Preferences

  • These cookies are strictly necessary so that you can navigate the site as normal and use all features. Without these cookies we cannot provide you with the service that you expect.

  • These cookies are used to make advertising messages more relevant to you. They perform functions like preventing the same ad from continuously reappearing, ensuring that ads are properly displayed for advertisers, and in some cases selecting advertisements that are based on your interests.

  • These cookies collect information in aggregate form to help us understand how our websites are being used. They allow us to count visits and traffic sources so that we can measure and improve the performance of our sites. If people say no to these cookies, we do not know how many people have visited and we cannot monitor performance.

See also our Cookie policy and Privacy policy.
Sign in / up

Security

This article is more than 1 year old

Microsoft patches the patch that broke Windows authentication

May 10 update addressed serious vulns but also had problems of its own

icon Richard Speed
Fri 20 May 2022 // 13:00 UTC

Microsoft has released an out-of-band patch to deal with an authentication issue that was introduced in the May 10 Windows update.

Elizabeth Tyler, cyber security consultant on Microsoft's Detection and Response Team, confirmed the fix to worried administrators early this morning.

Multiple administrators complained last week that after installing the May 10 patch, they experienced authentication failures across several systems.

Tyler said at the time: "We know the root cause is the subject name is incorrectly used to map the cert to a machine account in AD rather than the DNSHostname in the subject alternative name on DCs that have installed 5b and we're working it."

An entry then turned up in the lengthy list of known issues for the patch in which Microsoft warned that, after installing the May 10 patch on domain controllers, there might be issues with some services.

"These services," it said, "include Network Policy Server (NPS), Routing and Remote access Service (RRAS), Radius, Extensible Authentication Protocol (EAP), and Protected Extensible Authentication Protocol (PEAP).

"An issue has been found related to how the domain controller manages the mapping of certificates to machine accounts."

As with many updates, the May 10 patch was an important one, and included fixes for "high severity" elevation-of-privilege vulnerabilities that could occur when the Kerberos Distribution Center (KDC) serviced a certificate-based authentication request.

Backing out of the update apparently resolved the problems but, as one user observed, "this is quite a critical patch but seems to break quite a key role!"

Administrators would be forgiven for feeling that patches to fix patches seem to be becoming a little too common over the years. ®

More about

×

More about

Narrower topics

Broader topics

More about

COMMENTS

More about

×

More about

Narrower topics

Broader topics

TIP US OFF

Send us news

Other stories you might like