Admins see domain controller login issues after Patch Tuesday round


Microsoft warns that the May Patch Tuesday update may cause problems with the authentication of some services. The update causes issues on Windows 11 and Windows Server 2022 devices that are used as domain controllers.

Microsoft writes in an update that installing update KB5013943 may cause issues across Windows versions. It affects almost all versions of Windows, including 10 and 11, and even 7 and 8.1, as well as Windows Server from version 2016 to 2022. The problem occurs after administrators install the update that was released during the May Patch Tuesday. According to Microsoft, it only concerns devices that are used as domain controllers. Client devices and Windows Servers that are not deployed as domain controllers are not affected.

Various system administrators complain on forums such as Reddit that they are experiencing issues with the patch. Microsoft confirms that the patch causes authentication issues. These occur in several services, including the Network Policy Server, the Routing and Remote Access Service, RADIUS, the Extensible Authentication Protocol and the Protected Extensible Authentication Protocol, but other Windows services may also be affected.

According to Microsoft, the problems are caused by a patch that fixes two vulnerabilities. During the past Patch Tuesday, two privilege escalation bugs, CVE-2022-26931 and CVE-2022-26923, were fixed in Kerberos. The new issues are related to the way the domain controller maps certificates. Microsoft recommends manually assigning certificates to machines via Active Directory as a mitigation, at least until an update is released that resolves the issue. It is not yet known when that will be.
