Microsoft Issues Updates To Fix Authentication Problems Caused by Its May Patches
Microsoft on Thursday declared that authentication problems associated with its May monthly updates have been resolved via newly released updates.
That notion comes in a May 19 update to a public "Message Center" announcement, as echoed in this May 20 Twitter post by Aria Carley, senior program manager on the Windows Update platform team. The authentication problems had just affected Windows Server instances that were used as domain controllers after applying Microsoft's May patches soon after their May 10 "update Tuesday" release.
The fix for the authentication problems isn't automatic. Instead, Microsoft addressed the issue by issuing so-called "out-of-band" (unscheduled) updates that are available for manual download from the Microsoft Update Catalog.
IT pros have to manually search the Microsoft Update Catalog to get these fixes, as they are "not available from Windows Update and will not install automatically," according to the updated Message Center announcement. From the catalog, IT pros can import the fixes into tools such as Windows Server Update Services and Microsoft Endpoint Configuration Manager.
A list of the Knowledge Base (KB) article numbers per each possibly affected Windows Server product is included in the updated Message Center announcement. IT pros can use these KB numbers for their manual out-of-band patch searches.
The authentication problems apparently just affected organizations that early-on patched Windows Server installations used as domain controllers. Microsoft's original Message Center announcement had also listed Windows client operating systems as being affected, but that notion got dropped in Microsoft's May 19 Message Center revision.
Here's Microsoft statement to that effect:
This issue was resolved in out-of-band updates released May 19, 2022 for installation on Domain Controllers in your environment. There is no action needed on the client side to resolve this authentication issue. If you used any workaround or mitigations for this issue, they are no longer needed, and we recommend you remove them.
Microsoft originally had advised affected organizations to apply workarounds, which involved manually mapping certificates to a machine account in Active Directory. Microsoft is now saying that these workarounds should be removed, although no instructions were indicated.
Kurt Mackie is senior news producer for 1105 Media's Converge360 group.