Description
After installing Windows Upgrades given during the May 2022 Patch Tuesday on domain controllers, Microsoft has released an emergency update to address the Active Directory (AD) authentication difficulties.
Summary
Authentication failures on the server or client for services such as Network Policy Server (NPS), Routing and Remote Access Service (RRAS), Radius, Extensible Authentication Protocol (EAP), and Protected Extensible Authentication Protocol (PEAP) were seen after installing updates released on May 10, 2022, on your domain controllers. The out-of-band (OOB) Windows updates released are only available via the Microsoft Update Catalog. These emergency patches also correct an issue that prohibited users from installing apps from the Microsoft Store before.
The following cumulative updates are available for installation on Domain Controllers:
Windows Server 2022: KB5015013
Windows Server, version 20H2: KB5015020
Windows Server 2019: KB5015018
Windows Server 2016: KB5015019
Microsoft also released standalone updates:
Windows Server 2012 R2: KB5014986
Windows Server 2012: KB5014991
Windows Server 2008 R2 SP1: KB5014987
Windows Server 2008 SP2: KB5014990
These updates can be manually imported into Microsoft Endpoint Configuration Manager and Windows Server Update Services (WSUS).
The Guyana National CIRT recommends that users and administrations review this alert and apply it where necessary.
PDF Download: Microsoft emergency updates fix Windows AD authentication issues.pdf
References
https://petri.com/microsoft-out-of-band-patches-windows-ad-authentication-issues/