Pro
Security

Microsoft's latest updates breaking a vital business security tool

By Sead Fadilpašić published 15 November 2022

And a fix is weeks away

When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works.

(Image credit: Passwork)

Microsoft’s latest cumulative updates that were released earlier this week for Windows 11 broke a vital business security feature. The fix has not yet been published, but Microsoft expects to have one ready in the coming weeks.

As reported by BleepingComputer, the Redmond software giant recently acknowledged certain issues with the Kerberos authentication protocol after November's Patch Tuesday.

"After installing updates released on November 8, 2022, or later on Windows Servers with the Domain Controller role, you might have issues with Kerberos authentication," Microsoft said.

Failing to sign in

"When this issue is encountered you might receive a Microsoft-Windows-Kerberos-Key-Distribution-Center Event ID 14 error event in the System section of Event Log on your Domain Controller with the below text," the company explained.

BleepingComputer readers reported that the update breaks Kerberos, the default authentication protocol for domain-connected Windows endpoints, days previously.

One explained that the protocol breaks “in situations where you have set the ‘This account supports Kerberos AES 256 bit encryption’, or 'This account supports Kerberos AES 128 encryption’ Account Options set (i.e., msDS-SupportedEncryptionTypes attribute) on user accounts in AD."

> These are the best firewalls right now

> Microsoft fixes Kerberos-related authentication issues in Windows Server

> Emergency Windows 10 update plugs a serious security hole

According to the report, some of the Kerberos authentication scenarios include domain user sign-in failing and affecting Active Directory Federation Services authentication in the process, Remote Desktop connections using domain users failing to connect, and several others.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Contact me with news and offers from other Future brandsReceive email from us on behalf of our trusted partners or sponsors

By submitting your information you agree to the Terms & Conditions and Privacy Policy and are aged 16 or over.

The affected platforms include most Windows versions since Windows 7 (Windows 7 SP1, Windows 8.1, Windows 10 Enterprise LTSC 2019, Windows 10 Enterprise LTSC 2016, Windows 10 Enterprise 2015 LTSB, Windows 10 20H2, Windows 11 21H2), and some Server version (Windows Server 2008 SP2, Windows Server 2022)-.

Home customers and users not enrolled in an on-premises domain are not affected by this bug, it was added. Furthermore, the flaw doesn’t impact non-hybrid Azure Active Directory environments, as well as those without an on-prem Active Directory server.

Check out the best Linux distros for privacy and security out there

TOPICS

Microsoft

Sead Fadilpašić

Social Links Navigation

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.