Microsoft fixes Windows authentication woes • The Register

Microsoft has launched an out-of-band patch to cope with an authentication situation that was launched within the May 10 Windows replace.

Elizabeth Tyler, cyber safety advisor on Microsoft’s Detection and Response Team, confirmed the repair to anxious directors early this morning.

Multiple directors complained final week that after putting in the May 10 patch, they skilled authentication failures throughout a number of methods.

Tyler mentioned on the time: “We know the root cause is the subject name is incorrectly used to map the cert to a machine account in AD rather than the DNSHostname in the subject alternative name on DCs that have installed 5b and we’re working it.”

An entry then turned up within the prolonged checklist of identified points for the patch through which Microsoft warned that, after putting in the May 10 patch on area controllers, there is likely to be points with some providers.

“These services,” it mentioned, “embrace Network Policy Server (NPS), Routing and Remote entry Service (RRAS), Radius, Extensible Authentication Protocol (EAP), and Protected Extensible Authentication Protocol (PEAP).

“An issue has been found related to how the domain controller manages the mapping of certificates to machine accounts.”

As with many updates, the May 10 patch was an vital one, and included fixes for “high severity” elevation-of-privilege vulnerabilities that might happen when the Kerberos Distribution Center (KDC) serviced a certificate-based authentication request.

Backing out of the replace apparently resolved the issues however, as one consumer noticed, “this is quite a critical patch but seems to break quite a key role!”

Administrators can be forgiven for feeling that patches to repair patches appear to be changing into a little bit too frequent through the years. ®

Source hyperlink

Leave a Reply

Your email address will not be published.