CISA warns not to install May Windows updates on domain controllers
2022-05-16 17:24

The U.S. Cybersecurity and Infrastructure Security Agency has removed a Windows security flaw from its catalog of known exploited vulnerabilities due to Active Directory authentication issues caused by the May 2022 updates that patch it.

Unauthenticated attackers abuse CVE-2022-26925 to force domain controllers to authenticate them remotely via the Windows NT LAN Manager (NTLM) security protocol and, likely, gain control over the entire Windows domain.

Patches for two elevation of privilege vulnerabilities in Windows Kerberos and Active Directory Domain Services will also cause service authentication problems when deployed on Windows Server domain controllers.

Because Microsoft no longer provides separate installers for each security issue it addresses during Patch Tuesday, admins can't choose to install only one of the security updates, so installing this month's security updates will also trigger the AD auth issues.

As CISA noted, "Installation of updates released May 10, 2022, on client Windows devices and non-domain controller Windows Servers will not cause this issue and is still strongly encouraged."

"This issue only affects May 10, 2022 updates installed on servers used as domain controllers. Organizations should continue to apply updates to client Windows devices and non-domain controller Windows Servers," the cybersecurity agency added.


News URL

https://www.bleepingcomputer.com/news/security/cisa-warns-not-to-install-may-windows-updates-on-domain-controllers/

Related Vulnerability

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-05-10 | CVE-2022-26925 | Missing Authentication for Critical Function vulnerability in Microsoft products: Windows LSA Spoofing Vulnerability (network, high complexity, microsoft, CWE-306) | 5.9 |