Microsoft is presently investigating a known problem that causes authentication failures for a number of Windows services after the recent deployment of Patch Tuesday upgrades.
When Windows administrators started reporting problems with certain policies not working after applying the company’s May 2022 Patch Tuesday updates, the software giant started looking into these issues, according to BleepingComputer.
After installing the patches, these administrators started seeing this error message: “A discrepancy in the user credentials resulted in an authentication failure. The password was either wrong or the user name did not match an existing account.”
Although Windows 11 and Windows Server 2022 are affected, Microsoft says the problem only occurs once the updates are installed on servers that are used as domain controllers.
Network Policy Server (NPS), Routing and Remote Access Service (RRAS), RADIUS, Extensible Authentication Protocol (EAP), and Protected Extensible Authentication Protocol (PEAP) are just a few of the services that might have authentication issues.
Inability to prove identity
According to a Microsoft support page, these service authentication issues are caused by security upgrades to Windows Kerberos and its Active Directory Domain Services that address privilege escalation vulnerabilities.
When a vulnerability in Microsoft’s Active Directory Domain Services (CVE-2022-26923) goes unpatched, an attacker may get the rights of a domain administrator by exploiting this vulnerability. Meanwhile, the Windows Kerberos vulnerability (identified as CVE-2022-26931) has a CVSS severity rating of 7.5, making it a very serious issue.
However, Microsoft recommends examining the Kerberos Operational log to find out which domain controller is unable to sign in, and recommends manually mapping a machine account to an Active Directory account.
Meanwhile, a Windows administrator who talked with BleepingComputer said that switching the StrongCertificateBindingEnforcement registry entry to 0 fixed the problem for some of their customers after the newest Patch Tuesday updates were installed. This registry entry is used to switch the enforcement mode of the company’s Kerberos Key Distribution Center (KDC) to Compatibility mode.
Since Microsoft is now examining these problems and devising solutions, we may expect a proper fix to appear in an upcoming update, by the June Patch Tuesday at the very latest.