An Out of Band Update resolves the Authentication issues introduced by the May 10 2022 Windows Updates

Ever since the news broke that the May 2022 Windows Updates cause Active Directory Authentication Failures in environments where certificate-based authentication is in use, many organizations have held off on installing these updates on their domain controllers.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) even went as far as advising against installing the updates on domain controllers, despite these updates addressing an LSA Spoofing vulnerability (Important, CVE-2022-26925, CVSSv3 8.1-9.8) and 10 LDAP Remote Code Execution vulnerabilities (Critical, CVSSv3 8.8-9.8).

I feel not installing updates is a no-go. Therefore, based on the information provided by Arian van der Pijl, I audited some Active Directory environments using the following two lines of Windows PowerShell:

Get-ADComputer -Filter {altSecurityIdentities -Like "*"} -Properties altSecurityIdentities | Select sAMAccountName, altSecurityIdentities

Get-ADUser -Filter {altSecurityIdentities -Like "*"} -Properties altSecurityIdentities | Select sAMAccountName, altSecurityIdentities

That ruled out authentication issues for most organizations, yet some customers were expecting major issues. They had to wait for an update to address the issue before they could install the May 2022 Windows Updates.
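
The two audit queries above, combined into one report with one row per mapping value, as an added example that is not part of the original post. The helper name ConvertTo-MappingRow, the sample accounts and the CSV file name are assumptions made for illustration.

```powershell
# Added example, not from the original post.
function ConvertTo-MappingRow {
    # Emits one report row per altSecurityIdentities value of an account.
    param([string]$Account, [string]$ObjectClass, [string[]]$Mappings)
    foreach ($value in $Mappings) {
        # Scheme is the text before the first colon, e.g. "X509" or "Kerberos".
        $scheme = ($value -split ':', 2)[0]
        # X509 values carry <TAG> markers such as <I>, <S>, <SR>; collect them in order.
        $tags = [regex]::Matches($value, '<([A-Za-z0-9-]+)>') |
            ForEach-Object { $_.Groups[1].Value.ToUpper() }
        [pscustomobject]@{
            Account     = $Account
            ObjectClass = $ObjectClass
            Scheme      = $scheme
            Fields      = ($tags -join '+')
            Value       = $value
        }
    }
}

# Constructed sample values (not from a real directory) to show the report shape.
$sample = @(
    @{ Account = 'WEB01$'; ObjectClass = 'computer'
       Mappings = @('X509:<I>DC=local,DC=example,CN=Example-CA<S>CN=web01.example.local') },
    @{ Account = 'jdoe'; ObjectClass = 'user'
       Mappings = @('X509:<I>DC=local,DC=example,CN=Example-CA<SR>1200000000AC11000000002B',
                    'Kerberos:jdoe@EXAMPLE.LOCAL') }
)
$sample | ForEach-Object { $row = $_; ConvertTo-MappingRow @row } | Format-Table -AutoSize

# Live query, run only where the ActiveDirectory module is available.
# Computer objects also carry objectClass=user, so one filter covers both one-liners.
if (Get-Command Get-ADObject -ErrorAction SilentlyContinue) {
    Get-ADObject -LDAPFilter '(&(objectClass=user)(altSecurityIdentities=*))' `
                 -Properties altSecurityIdentities, sAMAccountName |
        ForEach-Object {
            ConvertTo-MappingRow -Account $_.sAMAccountName `
                                 -ObjectClass $_.ObjectClass `
                                 -Mappings @($_.altSecurityIdentities)
        } |
        Export-Csv -Path .\altSecurityIdentities-audit.csv -NoTypeInformation
}
```

An empty CSV means no user or computer account has explicit certificate mappings, which is the same outcome as both one-liners returning nothing.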

Out of Band Update

Today, Microsoft released Windows Updates to address the issue that causes the authentication failures for some services on a server or client after you install the May 10, 2022 update on domain controllers. These services include:

The issue affects how the domain controller manages the mapping of certificates to machine accounts. This issue only affects servers that are used as domain controllers.

The following updates are available:

Concluding

Admins for environments with domain controllers who (fear they) are affected by the authentication issues caused by the May 10th, 2022, Windows Updates or have rolled back the May 10th, 2022, Windows Updates may install these updates, followed by the out of band updates above.
