ClickCease Microsoft issues update to fix Kerberos sign-in failures

Join Our Popular Newsletter

Join 4,500+ Linux & Open Source Professionals!

2x a month. No spam.

Microsoft issues update to fix Kerberos sign-in failures

Obanla Opeyemi

December 1, 2022 - TuxCare expert team

A few days after Microsoft acknowledged problems with Kerberos authentication that affected Windows Servers with the Domain Controller role, causing domain user sign and Remote Desktop connections to fail, Microsoft released an emergency optional out-of-band (OOB) update.

There out-of-band updates available are (KB5021652, KB5021653, KB5021654, KB5021655, KB5021656, and KB5021657), all of which must be installed manually.

“After installing updates released on November 8, 2022 or later on Windows Servers with the Domain Controller role, you might have issues with Kerberos authentication. When this issue is encountered you might receive a Microsoft-Windows-Kerberos-Key-Distribution-Center Event ID 14 error event in the System section of Event Log on your Domain Controller with the below text,” Microsoft explained.

List of affected Kerberos auth scenarios includes: Active Directory Federation Services (AD FS) authentication; Group Managed Service Accounts (gMSA) used for services such as Internet Information Services (IIS Web Server); and Remote Desktop connections. Others include the inability to access shared folders on workstations and files shares on servers and the inability to carryout printing that requires domain user authentication.

Following the emergency patch, Microsoft’s security team discovered a new problem with Kerberos authentication on Windows Servers. In the new patch, it made another set of security hardening changes that fixed two vulnerabilities tracked as CVE-2022-37967 and CVE-2022-37966, but it also broke some key authentication scenarios at the same time, resulting in failed logins and failed RDP connections, which caused a bug.

Microsoft says in an update to the acknowledgement post in the known issues section of Windows release health: “This issue was resolved in out-of-band updates released November 17, 2022 for installation on all the Domain Controllers (DCs) in your environment. You do not need to install any update or make any changes to other servers or client devices in your environment to resolve this issue. If you used any workaround or mitigations for this issue, they are no longer needed, and we recommend you remove them.”

The sources for this piece include an article in BleepingComputer.

Watch this news on our YouTube channel: MICROSOFT issues update to fix KERBEROS sign-in failures

Summary
Microsoft issues update to fix Kerberos sign-in failures
Article Name
Microsoft issues update to fix Kerberos sign-in failures
Description
Microsoft has issued an emergency optional out-of-band (OOB) update to fix problems with Kerberos authentication.
Author
Publisher Name
TuxCare
Publisher Logo

Looking to automate vulnerability patching without kernel reboots, system downtime, or scheduled maintenance windows?

Learn About Live Patching with TuxCare

Related Articles

How GPT models can be...

According to CyberArk researchers, GPT-based models like ChatGPT can be...

January 30, 2023

Attackers actively exploit Unpatched Control...

Malicious hackers have started exploiting a critical vulnerability CVE-2022-44877 in...

January 27, 2023

Attackers distribute malware via malicious...

Deep Instinct researchers reported that RATs like StrRAT and Ratty...

January 26, 2023

CircleCI partners AWS to identify...

According to CircleCI’s CTO, Rob Zuber, CircleCI is working with...

January 25, 2023

Cisco warns of authentication bypass...

A remote attacker could exploit multiple vulnerabilities in four Cisco...

January 24, 2023

IceID malware infiltrates Active Directory...

In a notable IcedID malware attack, the assailant impacted the...

January 23, 2023