You are currently viewing Microsoft Released Emergency Out-Of-Band Updates To Fix Windows Server Authentication Issues

Microsoft Released Emergency Out-Of-Band Updates To Fix Windows Server Authentication Issues

After the November patch Tuesday, Microsoft has released emergency updates to address authentication failures related to Kerberos delegation scenarios impacting Domain Controllers (DC). These authentication issues impact systems that are running Windows Server 2019 and lower versions with specific Kerberos delegation scenarios.

Microsoft claims this security update “Addresses a known issue that might cause authentication failures related to Kerberos tickets you acquired from Service for User to Self (S4U2self).”

“The issue occurs, after you install the November 9 2021 security updates on domain controllers (DC) that are running Windows Server.”

On impacted systems, end-users cannot sign in to services or applications using Single Sign-On (SSO) in Active Directory on-premises or hybrid Azure Active Directory environments.

List of updates released by Microsoft after November Patch Tuesday:

  • KB5008602: Out-of-band on Windows Server 2019
  • KB5008601: Out-of-band on Windows Server 2016
  • KB5008603: Authentication fails on domain controllers in specific Kerberos scenarios on Windows Server 2012 R2
  • KB5008604: Authentication fails on domain controllers in specific Kerberos systems on Windows Server 2012
  • KB5008605: Authentication fails on domain controllers in specific Kerberos systems on Windows Server 2008 R2 SP1
  • KB5008606: Authentication fails on domain controllers in specific Kerberos systems on Windows Server 2008 SP2

The authentication issues prevent end-users in Active Directory on-premises or hybrid Azure Active Directory environments from signing in to services or applications using Single Sign-On (SSO).

Deployment updates:

Microsoft emergency updates cannot be installed through Windows Update, and they will also not be installed automatically on affected DCs. If you installed earlier updates, only the new fixes contained in the update package would be downloaded and installed on your device. To install the above non-security updates, you have to search and download the standalone update package from Microsoft Update Catalog for respective KBs, or you can download using the below links.

1. KB5008602 – UPDATE
2. KB5008601 – UPDATE
3. KB5008603 – UPDATE
4. KB5008604 – UPDATE
5. KB5008605 – UPDATE
6. KB5008606 – UPDATE

Subscribe For More Posts Like This

Get the latest research, best practices, industry trends and cybersecurity blogs from SecPod security experts

Invalid email address
We promise not to spam you. You can unsubscribe at any time.
0 0 votes
Article Rating
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments