Microsoft’s latest cumulative updates, released earlier this week for Windows 11, broke an important business security feature. A fix has not yet been published, but Microsoft expects to have one ready in the coming weeks.
As reported by BleepingComputer, the Redmond software giant recently acknowledged issues with the Kerberos authentication protocol following November’s Patch Tuesday.
“After installing updates released on November 8, 2022, or later on Windows Servers with the Domain Controller role, you may have issues with Kerberos authentication,” Microsoft said.
Failing to check in
“When this issue is encountered you may receive a Microsoft-Windows-Kerberos-Key-Distribution-Center Event ID 14 error event within the System section of Event Log on your Domain Controller with the below text,” the company explained.
BleepingComputer readers had reported days earlier that the update breaks Kerberos, the default authentication protocol for domain-joined Windows endpoints.
One explained that the protocol breaks “in situations where you have set the ‘This account supports Kerberos AES 256 bit encryption’, or ‘This account supports Kerberos AES 128 encryption’ Account Options set (i.e., msDS-SupportedEncryptionTypes attribute) on user accounts in AD.”
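As an added illustration, not taken from the article, BleepingComputer or Microsoft, the following PowerShell, run on a domain controller with the ActiveDirectory module, lists accounts carrying the AES flags in msDS-SupportedEncryptionTypes that the reader describes and checks the System log for the KDC Event ID 14 entries Microsoft points to. The bit values and the LDAP matching-rule OID are assumed from documented Active Directory semantics.

```powershell
# Added example (not the article's or Microsoft's own code): gauge exposure to the
# November 2022 Kerberos issue from a domain controller.
Import-Module ActiveDirectory

# msDS-SupportedEncryptionTypes bit flags (assumed well-known values):
$AES128  = 0x8    # "This account supports Kerberos AES 128 bit encryption"
$AES256  = 0x10   # "This account supports Kerberos AES 256 bit encryption"
$AesMask = $AES128 -bor $AES256   # 0x18 = 24

# LDAP_MATCHING_RULE_BIT_OR (1.2.840.113556.1.4.804) matches objects with either AES bit set.
$ldapFilter = "(msDS-SupportedEncryptionTypes:1.2.840.113556.1.4.804:=$AesMask)"

$aesAccounts = Get-ADObject -LDAPFilter $ldapFilter -Properties msDS-SupportedEncryptionTypes |
    Select-Object Name, ObjectClass,
        @{ n = 'EncTypes'; e = { '0x{0:X}' -f $_.'msDS-SupportedEncryptionTypes' } }

"Accounts with an AES flag in msDS-SupportedEncryptionTypes: $($aesAccounts.Count)"
$aesAccounts | Format-Table -AutoSize

# Event ID 14 from the KDC provider in the System log is the symptom Microsoft describes.
# Get-WinEvent errors when nothing matches, so the error is suppressed and the count read as 0.
$kdcEvents = Get-WinEvent -FilterHashtable @{
    LogName      = 'System'
    ProviderName = 'Microsoft-Windows-Kerberos-Key-Distribution-Center'
    Id           = 14
    StartTime    = (Get-Date).AddDays(-7)
} -ErrorAction SilentlyContinue

"KDC Event ID 14 entries in the last 7 days: $($kdcEvents.Count)"
$kdcEvents | Select-Object TimeCreated, Message | Format-List
```

A non-zero account count alongside fresh Event ID 14 entries after the November 8 update is the combination the reader and Microsoft both describe.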
According to the report, the affected Kerberos authentication scenarios include domain user sign-in failing (which in turn breaks Active Directory Federation Services authentication), Remote Desktop connections using domain users failing to connect, and several others.
The affected platforms include most Windows versions since Windows 7 (Windows 7 SP1, Windows 8.1, Windows 10 Enterprise LTSC 2019, Windows 10 Enterprise LTSC 2016, Windows 10 Enterprise 2015 LTSB, Windows 10 20H2, Windows 11 21H2) and several Server versions (Windows Server 2008 SP2, Windows Server 2022).
Home customers and users not enrolled in an on-premises domain should not be affected by this bug, it was added. Moreover, the flaw does not impact non-hybrid Azure Active Directory environments, nor those without an on-prem Active Directory server.