Microsoft Rushes a Fix After May Patch Tuesday Breaks Authentication
Two of Microsoft's Patch Tuesday updates need a do-over after causing certificate-based authentication errors.
If you updated servers running Active Directory Certificate Services and Window domain controllers responsible for certificate-based authentication with Microsoft's May 10 Patch Tuesday update, you may need a re-do.
The company said the original patch for CVE-2022-26931 and CVE-2022-26923 was intended to stop certificate spoofing via privilege escalation, but an unintended consequence of the fix was a rash of authentication errors. So, it rushed a new patch, available as of Thursday.
After installing the original Patch Tuesday updates, several Reddit users complained of certificate-authentication errors in r/sysadmin subreddit Patch Tuesday Megathread for May 10.
"My [Network Policy Server] NPS policies (with certificate auth) have been failing to work since the update, stating 'Authentication failed due to a user credentials mismatch,'" Reddit user RiceeeChrispies wrote. "Either the user name provided does not map to an existing account, or the password was incorrect.”
Microsoft added that once the update is installed, it won't be necessary to renew client-authentication certificates.
"Renewal is not required," Microsoft said in its statement acknowledging the authentication errors. "The CA will ship in Compatibility Mode. If you want a strong mapping using the ObjectSID extension, you will need a new certificate."
About the Author(s)
You May Also Like
Beyond Spam Filters and Firewalls: Preventing Business Email Compromises in the Modern Enterprise
April 30, 2024Key Findings from the State of AppSec Report 2024
May 7, 2024Is AI Identifying Threats to Your Network?
May 14, 2024Where and Why Threat Intelligence Makes Sense for Your Enterprise Security Strategy
May 15, 2024Safeguarding Political Campaigns: Defending Against Mass Phishing Attacks
May 16, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024