After the latest Patch Tuesday updates, many Windows users started getting update-related complaints. According to BleepingComputer, Microsoft has warned that some of the policies have changed since Windows administrators installed the latest updates. Not successful After sharing reports showing that endanger Reportedly, the pitcher has begun investigating the issues in question. Moreover, this is not the first problem that the updates bring. We have shared a similar issue with you for the past few days.

According to this new issue mentioned, some Windows services authentication problem is happening. The statement notes that only client and server Windows platforms and systems, including those running Windows 11 and Windows Server 2022, are affected by the current issue; Microsoft said the problem is on servers used as domain controllers. only after updates are installed then it says it is activated.

Windows administrators experience ‘authentication issues’ with many services

Windows administrators encounter problems after installing updates “Authentication failed due to mismatched user credentials. The username provided does not match an existing account or the password is incorrect” reports that they have received a warning message. Microsoft, meanwhile, cites authentication errors for a number of services, including Network Policy Server (NPS), Routing and Remote Access Service (RRAS), Radius, Extensible Authentication Protocol (EAP), and Protected Extensible Authentication Protocol (PEAP). it can be the subject.

In another statement, Microsoft said that these issues Windows Kerberos and Active Directory Domain ServicesIt says it’s caused by security updates related to the privilege escalation vulnerabilities in . Accordingly, in Active Directory Domain Services 8.8If not addressed, this vulnerability (CVE-2022-26923) could allow attackers to use an account’s privileges to elevate a domain administrator’s privileges.

On the other hand, the vulnerability in Windows Kerberos (CVE-2022-26931) 7.5It is distinguished by its CVSS score, which has a high degree of prevention.

So what can you do?

To mitigate these authentication issues, Microsoft is replacing certificates for Windows administrators with a computer account in Active Directory. manually paired when recommending; to see which domain controller failed to login Kerberos Operational Log recommends its use.

A Windows administrator, on the other hand, may discover that the only way users who have the latest updates installed can log in is by using the StrongCertificateBindingEnforcement registry key. turn it off by setting it to 0 conveys that. This registry key is used to change the corporate Kerberos Deployment Center (KDC) enforcement mode to “Compatibility Mode”.

With Microsoft actively investigating these issues and providing workarounds, this is a viable solution. soon or at least takes place in June meaning it may come with the patch.