Microsoft Patches Kerberos Issues in Windows Server
Microsoft fixes the issues surrounding the Kerberos network authentication protocol on Windows Server after it was broken by November Patch Tuesday updates.
Updates that are installed on the domain controller of managing network and identity security requests disrupted Kerberos authentication capabilities, ranging from failures in domain user sign-ins and Group Managed Service Accounts authentication to remote desktop connections not connecting.
There also were other issues including users being unable to access shared folders on workstations and printer connections that require domain user authentication failing.
Microsoft issued emergency out-of-band (OOB) updates that can be installed in all Domain Controllers, saying that users don’t need to install other updates or make changes to other servers or client devices to resolve the issue.
Kerberos is used to authenticate service requests between multiple trusted hosts on an untrusted network such as the internet, using secret-key cryptography and a trusted third party to authenticate applications and user identities.
Microsoft issued two updates for hardening the security of Kerberos – as well as Netlogon, another authentication tool – in the wake of two vulnerabilities tracked as CVE-2022-37967 and CVE-2022-37966. Those updates led to the authentication issues that were addressed by the latest fixes.
To refer the released updates