It seems that recent Windows updates are causing problems with many Windows services. According to recent reports from Windows administrators, problems with ‘authentication’ are occurring in various services.
After the last Patch Tuesday updates, many Windows users started to have update-related complaints. According to BleepingComputer, Microsoft has reportedly begun investigating these issues that put your device and yours at risk after Windows administrators shared reports that some policies failed after installing the latest updates.
According to this new issue, several Windows services are experiencing authentication problems. In the statement, it is noted that only client and server Windows platforms and systems, including those running Windows 11 and Windows Server 2022, are affected by the current problem; Microsoft states that the issue only triggers after installing updates on servers used as domain controllers.
Windows administrators encountering the issue said, “Authentication failed due to user credential mismatch after installing updates. The username provided does not match an existing account or the password is incorrect”. Microsoft, meanwhile, mentions authentication failures for several services, including Network Policy Server (NPS), Routing and Remote Access Service (RRAS), Radius, Extensible Authentication Protocol (EAP), and Protected Extensible Authentication Protocol (PEAP). notes that it may be the subject.
In another statement, Microsoft states that these issues are caused by security updates related to privilege escalation vulnerabilities in Windows Kerberos and Active Directory Domain Services. Accordingly, if this vulnerability (CVE-2022-26923) in Active Directory Domain Services, which has a high-prevention CVVS score of 8.8, is not fixed, it means that attackers can use an account’s privileges to elevate the privileges of a domain administrator.
On the other hand, the vulnerability in Windows Kerberos (CVE-2022-26931) stands out with its CVSS score of 7.5, which has a high degree of prevention.
So what can you do?
Microsoft recommends that Windows administrators manually map certificates to a machine account in Active Directory to reduce these authentication issues; and recommends using the Kerberos Operational log to see which domain controller failed to log in.
In contrast, a Windows administrator reports that the only way for some users who have installed the latest updates to log in is to disable the StrongCertificateBindingEnforcement registry key by setting it to 0. This registry key is used to change the enforcement mode of the company’s Kerberos Deployment Center (KDC) to ‘Compatibility mode’.