Microsoft Releases Emergency Updates to Patch Kerberos Authentication Issues

Microsoft has released emergency out-of-band updates to address a recently discovered flaw that led to Kerberos authentication issues. The fault triggered authentication problems on enterprise domain controllers after installing November’s Patch Tuesday cumulative updates.

"After installing updates released on November 8, 2022 or later on Windows Servers with the Domain Controller role, you might have issues with Kerberos authentication," reads Microsoft’s security update.

The company said the issue could affect any Kerberos authentication in users’ environments and released a list of possible scenarios, including:

• Connection failures for Remote Desktop connections using domain users
• Failing to carry out printing jobs that require domain user authentication
• Inability to access file shares on servers and shared folders on workstations
• Domain user authentication failures, which could also affect Active Directory Federation Services (AD FS)
• Failure to authenticate Group Managed Service Accounts (gMSA) used for services such as Internet Information Services (IIS Web Server)

Microsoft released out-of-band emergency updates yesterday to fix the authentication issues, mentioning that the patches must be installed on all Domain Controllers in affected environments. The updates included cumulative and standalone updates:

Cumulative updates:

• Windows Server 2022: KB5021656
• Windows Server 2019: KB5021655
• Windows Server 2016: KB5021654

Standalone updates:

• Windows Server 2012 R2: KB5021653
• Windows Server 2012: KB5021652
• Windows Server 2008 SP2: KB5021657

While Windows Server 2008 R2 SP1 didn’t receive an update, a patch is expected to arrive in the coming week.

“You do not need to install any update or make any changes to other servers or client devices in your environment to resolve this issue,” the company explains. “If you used any workaround or mitigations for this issue, they are no longer needed, and we recommend you remove them.”

Microsoft’s latest monthly security update addressed 68 vulnerabilities, including 11 critical severity issues, 55 important ones, and six actively exploited zero-day issues. It also marked the beginning of Microsoft enforcing security hardening for Netlogon and Kerberos.