Microsoft Windows Patch Tuesday Update Bug Is Causing Major Authentication Headaches
Many are aware by now, second Tuesday of every month is Patch Tuesday for Microsoft Windows. This is when Microsoft rolls out major and critical updates to its ubiquitous operating system, Windows. Much like many Patch Tuesdays before, there are problems with the latest one.
Specifically, the patch has problems relating to authentication. Unfortunately, it looks like the issue exists on all versions of Windows, including Windows 11 and Server 2022. The knowledge of the issue seemed to have shown up in the r/sysadmin Subreddit, where some users pointed out they received the following error. "Authentication failed due to a user credentials mismatch. Either the user name provided does not map to an existing account or the password was incorrect." Or something similar.
There's some good news and some bad news related to this. The error seems to only affect versions of Windows that are being used as Domain Controllers and those that use Kerberos. That's actually the bad news because that's potentially a lot of servers. That's also the good news, because it means home users are likely unaffected by the issue. The other good news is that Microsoft is already working on a patch.
Now, the initial reason for the problem is related to the patch addressing CVE-2022-26931 and CVE-2022-26923. These are both vulnerabilities that elevate privileges through a number of means. Elevated privileges means that a bad actor would be able to gain access to core system files, protected files, and even potentially gain access over your device. So it ultimately means updating to these versions is more advised.
In these updates, there's been updates to certificate mapping, which has caused some automatic forms of this to fail. Because certificates are key to domain security, there will definitely be some authentication failures. There are some workarounds, as Microsoft itself advises manual mapping of certificates.
Some users state that if dealing with Kerberos, it might be an okay, but not ideal, way to bypass the issue if you find and set the registry key named StrongCertificateBindingEnforcement to 0. According to Microsoft, the Patch actually was turned on by default due to the patch. It is a REG_DWORD Data Type if you wish to take that route, but be aware that this particular action is not advised by Microsoft. You can also just uninstall the patches, but this leaves those critical vulnerabilities exposed on your system.
Maybe one day Microsoft will get it right when it comes to patch Tuesdays, and we'll have a 0 issues update roll out. But Tuesday the 10th of May, 2022 was not that day.