CISA: Do not install May Windows Patch Tuesday updates on domain controllers

Microsoft has patched a Windows Local Security Authority (LSA) spoofing vulnerability, tracked as CVE-2022-26925, in the latest Patch Tuesday update. The high-severity vulnerability allows an unauthenticated attacker to anonymously call a method and force a domain controller (DC) to authenticate to the attacker via NTLM. In the worst-case scenario, this could lead to privilege escalation and an attacker taking control of your entire domain.
The details of this vulnerability matter because the U.S. Cybersecurity and Infrastructure Security Agency (CISA) had required Federal Civilian Executive Branch (FCEB) agencies to install these updates within three weeks to protect themselves against this attack surface and other attacks. However, it has now removed this requirement because the latest Patch Tuesday updates can also cause authentication issues when installed on a DC, which we discussed previously.
These issues are primarily caused by two patches for Windows Kerberos and Active Directory Domain Services, tracked as CVE-2022-26931 and CVE-2022-26923 respectively. Because the patches in the update cannot be installed selectively, CISA no longer encourages IT administrators to install May's Patch Tuesday update on DCs. The note on the advisory reads:
Installing the update released on May 10, 2022 on client Windows devices and non-domain controller Windows servers does not cause this issue and is still strongly recommended. This issue only affects the May 10, 2022 update installed on servers used as domain controllers. Organizations should continue to apply updates to client Windows devices and non-domain controller Windows servers.
Currently, Microsoft offers a workaround that involves manually mapping certificates. It also strongly emphasizes that applying any additional mitigation measures may have a negative impact on your organization's security posture.
Given that CISA discourages FCEB agencies from installing the May Patch Tuesday updates on Windows Server DCs entirely, Microsoft may want to roll out a more permanent fix soon.