Microsoft’s latest updates breaking a vital business security tool
Microsoft’s latest cumulative updates released earlier this week for Windows 11 broke an essential business security feature. The fix has not yet been published, but Microsoft expects to have one ready in the coming weeks.
As reported by BleepingComputer, the Redmond-based software giant recently acknowledged certain issues with the Kerberos authentication protocol following Patch Tuesday in November.
After installing updates released on November 8, 2022 or later on Windows Servers with the domain controller role, you may have issues with Kerberos authentication.
Login failed
“When this issue occurs, you may receive a Microsoft-Windows-Kerberos-Key-Distribution-Center Event ID 14 error event in the System Area of Event Log on your domain controller with the text below,” the company explained.
BleepingComputer readers had reported days earlier that the update breaks Kerberos, the default authentication protocol for domain-joined Windows endpoints.
One of them explained that the protocol breaks “in situations where you have set the ‘This account supports Kerberos AES 256-bit encryption’ or ‘This account supports Kerberos AES 128 encryption’ account options (i.e. the msDS-SupportedEncryptionTypes attribute) in AD.”
According to the report, the affected Kerberos authentication scenarios include domain user logins failing (which also affects Active Directory Federation Services authentication), Remote Desktop connections with domain users being unable to connect, and several others.
Affected platforms include most Windows versions since Windows 7 (Windows 7 SP1, Windows 8.1, Windows 10 Enterprise LTSC 2019, Windows 10 Enterprise LTSC 2016, Windows 10 Enterprise 2015 LTSB, Windows 10 20H2, Windows 11 21H2) and some server versions (Windows Server 2008 SP2, Windows Server 2022).
Home customers and users not enrolled in an on-premises domain are not affected by this bug, the report added. In addition, the bug does not affect non-hybrid Azure Active Directory environments or environments without an on-premises Active Directory server.
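To see which accounts carry the AES account options named in the reader report, the msDS-SupportedEncryptionTypes bitmask can be decoded as in this added example, which is not from the article or from Microsoft. The function name Get-KerberosEncTypeReport and the sample accounts are hypothetical; the bit values are the standard Kerberos encryption-type flags stored in that attribute.

```powershell
# Bit flags stored in the msDS-SupportedEncryptionTypes attribute.
$EncTypeBits = [ordered]@{
    'DES-CBC-CRC'             = 1
    'DES-CBC-MD5'             = 2
    'RC4-HMAC'                = 4
    'AES128-CTS-HMAC-SHA1-96' = 8
    'AES256-CTS-HMAC-SHA1-96' = 16
}
$AesMask = 8 -bor 16   # either AES account option set

function Get-KerberosEncTypeReport {
    # Hypothetical helper: decodes the attribute on each piped account object.
    param([Parameter(ValueFromPipeline)] $Account)
    process {
        $raw   = $Account.'msDS-SupportedEncryptionTypes'
        $value = if ($null -eq $raw) { 0 } else { [int]$raw }   # unset attribute reads as 0
        $names = foreach ($e in $EncTypeBits.GetEnumerator()) {
            if ($value -band $e.Value) { $e.Key }
        }
        $label = if ($names) { $names -join ', ' } else { '(not set)' }
        [pscustomobject]@{
            SamAccountName = $Account.SamAccountName
            RawValue       = '0x{0:X}' -f $value
            EncTypes       = $label
            AesOptionSet   = [bool]($value -band $AesMask)
        }
    }
}

# Constructed sample accounts so the script runs without a domain.
$sample = @(
    [pscustomobject]@{ SamAccountName = 'svc-web';    'msDS-SupportedEncryptionTypes' = 24 }
    [pscustomobject]@{ SamAccountName = 'svc-legacy'; 'msDS-SupportedEncryptionTypes' = 4 }
    [pscustomobject]@{ SamAccountName = 'jdoe';       'msDS-SupportedEncryptionTypes' = $null }
)

# Lists only accounts with an AES option set (svc-web in the sample data).
$sample | Get-KerberosEncTypeReport | Where-Object AesOptionSet | Format-Table -AutoSize

# Against a real domain (requires the ActiveDirectory module):
#   Get-ADUser -Filter * -Properties msDS-SupportedEncryptionTypes |
#       Get-KerberosEncTypeReport | Where-Object AesOptionSet
# On a domain controller, the KDC error events mentioned above:
#   Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 14;
#       ProviderName = 'Microsoft-Windows-Kerberos-Key-Distribution-Center' }
```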