
Cybersecurity Authority Warns of Windows Patch Day

The US cybersecurity authority CISA, which normally warns about security gaps and recommends patches, now warns against installing the latest Patch Day update. The background is a problem with domain controllers. This is reported by the online magazine Bleeping Computer, which refers to a corresponding letter published by CISA. We have translated the letter for you and attached it at the end of the post. The problems with the May patch for Windows on domain controllers all revolve around the authentication issues we reported last week.

Microsoft had confirmed that problems had arisen after the May Patch Day. After updating PCs with Windows 10 and 11, users reported that authentication using NPS, RRAS, EAP, and PEAP may fail. The problem is related to the way the domain controller handles the assignment of certificates to computer accounts. However, this confirmed bug does not affect client Windows devices or Windows servers that are not domain controllers.

Verification Forced

Microsoft had made changes to address a spoofing vulnerability in the Windows Local Security Authority (LSA), CVE-2022-26925. This fatal flaw allows unauthenticated attackers to make an anonymous call and force the domain controller (DC) to authenticate to them via NTLM. This can lead to elevation of privilege and allow attackers to take control of an entire domain.

The US cybersecurity agency reports:

CISA temporarily removes CVE-2022-26925 from the catalog of known vulnerabilities due to the risk of authentication errors when the May 10, 2022 Microsoft rollup update is applied to domain controllers. After installing the May 10, 2022 update rollup on domain controllers, organizations may experience authentication errors on the server or client for services such as Network Policy Server (NPS), Routing and Remote Access Service (RRAS), RADIUS, Extensible Authentication Protocol (EAP) and Protected Extensible Authentication Protocol (PEAP).

Microsoft has notified CISA of this issue, which is related to the way the domain controller handles the assignment of certificates to computer accounts. Note: Installing updates released on May 10, 2022, on client Windows devices and Windows servers that are not domain controllers will not cause this issue and is still highly recommended. This issue only affects May 10, 2022 updates that are installed on servers used as domain controllers. Organizations should continue to install updates on client Windows devices and Windows servers without a domain controller.

With CISA now officially discouraging the installation of the May Patch on Windows Server DCs, Microsoft must act as quickly as possible to provide a permanent fix for any vulnerabilities patched on patch day.