Microsoft Patch Updates Might Spur Authentication Problems
Table of Contents
- By Patrick Ryan
- May 17, 2022
If your computer is experiencing authentication errors or problems with its Windows operating system, there is a chance it is the result of a Microsoft patch. The company’s weekly Tuesday patch has the potential to cause AD authentication issues in Windows computers. The software giant is notifying customers that the May patch update also leads to failures with the domain services in the Windows Active Directory.
What is Microsoft’s Response to the Patch Problem?
Microsoft provided an update on the matter this past Friday. The tech company indicated it was investigating the issue yet refused to provide additional details. The company’s notification comes on the heels of reports that some of its services were not working as they should after installing the latest security update. Some Microsoft Windows computer users are complaining about authentication failure notices resulting from user credentials not properly matching. The username fails to map to a current account, or the user is provided with a notification that their password is not correct.
The company’s statement notes that the installation of the updates on domain controllers can cause authentication failures for a wide array of services and on the server. Everything from Protected Extensible Authentication Protocol to Radius, Routing, and Remote Access Service and the Network Policy Server are affected.
When Did the Patch Update Issue Begin?
Microsoft’s May patch update was released on May 10. We are one week into the patch update problem.
What is Causing the Problem?
Microsoft’s response to the issue highlights a flaw with certificate mapping to machine accounts. In particular, how the mapping certificates are handled through the domain controller is the issue. Domain controllers are used as servers that communicate responses to authentication requests. The active directory is a space for storing information about network objects. Microsoft also noted that only servers that serve the function of domain controllers are affected by the flawed patch update issued earlier this month.
What is the Authentication Failure Caused By?
Microsoft has admitted its security update is the cause of the authentication failure. The company admitted such in a separate document released last week. The security update pertaining to privilege escalation vulnerabilities triggered authentication issues. Those vulnerabilities are within the Active Directory Domain Service of the Kerbose component of Windows.
One of the vulnerabilities labeled CVE-2022-26931 has a 7.5 CVSS rating. The second vulnerability, CVE-2022-26923, has an 8.8 CVSS rating, which is considered a high threat level.
What are Domain Administrators to Do?
Microsoft has advised Domain administrators to perform the manual mapping of certificates to users in the Active Directory until the company provides official updates. The altSecurityIdentities attribute of the user object can be used for the manual mapping of certificates to users within the Active Directory. If it turns out that there are complaints of preferred mitigation not working in the environment, certificate-based changes in terms of authentication for the domain controllers will prove helpful in pinpointing issues with the registry key for the SChannel.
The software giant’s spring update permits all attempts for authentication unless the user is as old as the certificate, thanks to automatic updates in another registry key. This update alters KDC enforcement to three specific modes: Full Enforcement, Compatibility, and Disabled.
It is worth noting some of those who have established a successful user login after installing the patch disabled a specialized key labeled as StrongCertificateBindingEnforcement by putting its value to zero. Aside from this unique approach and ongoing guidance from Microsoft, it will also help to add digital security protections to your computers.