Microsoft has released emergency out-of-band updates to address a recently discovered flaw that led to Kerberos authentication issues. The fault triggered authentication problems on enterprise domain controllers after November’s Patch Tuesday cumulative updates were installed.
"After installing updates released on November 8, 2022 or later on Windows Servers with the Domain Controller role, you might have issues with Kerberos authentication," reads Microsoft’s security update.
The company said the issue could affect any Kerberos authentication in users’ environments and released a list of possible scenarios, including:
Microsoft released out-of-band emergency updates yesterday to fix the authentication issues, noting that the patches must be installed on all Domain Controllers in affected environments. The release included cumulative and standalone updates:
While Windows Server 2008 R2 SP1 didn’t receive an update, a patch is expected to arrive in the coming week.
“You do not need to install any update or make any changes to other servers or client devices in your environment to resolve this issue,” the company explains. “If you used any workaround or mitigations for this issue, they are no longer needed, and we recommend you remove them.”
Microsoft’s latest monthly security update addressed 68 vulnerabilities, including 11 critical-severity issues, 55 important ones, and six actively exploited zero-day issues. It also marked the beginning of Microsoft enforcing security hardening for Netlogon and Kerberos.