March 22, 2024
Severity High Analysis Summary Ducktail Malware is a malicious program designed by hackers to infiltrate computers and networks globally. Ducktail malware is typically delivered through a […]
Rewterz Threat Advisory – CVE-2022-25617 – WordPress Code Snippets plugin Vulnerability
May 20, 2022
Rewterz Threat Alert – Ghost RAT – Active IOCs
May 20, 2022
Rewterz Threat Advisory – CVE-2022-25617 – WordPress Code Snippets plugin Vulnerability
May 20, 2022
Rewterz Threat Alert – Ghost RAT – Active IOCs
May 20, 2022
Severity
High
Analysis Summary
Microsoft investigated a known issue that causes authentication failure issues for some Windows services. This follows concerns from Windows administrators that certain rules were broken after installing this month’s security patches. The problem affects client and server Windows platforms, as well as systems running all versions of Windows, including the most recent ones (Windows 11 and Windows Server 2022).
Now recently, they published emergency out-of-band (OOB) fixes to address Active Directory (AD) authentication issues that occurred after installing Windows Updates delivered on the May 2022 Patch Tuesday on domain controllers.
They explained,
“Authentication failures might be seen on the server or client for services such as Network Policy Server (NPS), Routing and Remote Access Service (RRAS), Radius, Extensible Authentication Protocol (EAP), and Protected Extensible Authentication Protocol (PEAP) after installing updates released on May 10, 2022,”
“An issue has been found related to how the mapping of certificates to machine accounts is being handled by the domain controller.”
The OOB Windows updates made available today are exclusively available through the Microsoft Update Catalog and will not be available via Windows Update.
The company released the cumulative updates for installation on Domain Controllers (no action needed on the client-side):
- Windows Server 2022: KB5015013
- Windows Server, version 20H2: KB5015020
- Windows Server 2019: KB5015018
- Windows Server 2016: KB5015019
Microsoft also released standalone updates:
- Windows Server 2012 R2: KB5014986
- Windows Server 2012: KB5014991
- Windows Server 2008 R2 SP1: KB5014987
- Windows Server 2008 SP2: KB5014990
These updates can be manually imported into Microsoft Endpoint Configuration Manager and Windows Server Update Services (WSUS).
On the Import updates from the Microsoft Update Catalog, you’ll discover WSUS and the Catalog Site and Configuration Manager instructions.
They also added:
“There is only need to install these updates for the month of May if you are utilizing security only updates for these versions of Windows Server,”. If you use Monthly Rollup updates, you’ll need both the standalone update described above and the May 10, 2022, Monthly Rollups.
Impact
- Active Directory Authentication Failures
Remediation
- Download the OOB updates from the vendor website at: https://www.catalog.update.microsoft.com/Home.aspx
Cumulative updates for installation on Domain Controllers:
- Windows Server 2022: KB5015013
- Windows Server, version 20H2: KB5015020
- Windows Server 2019: KB5015018
- Windows Server 2016: KB5015019
Standalone updates: