Microsoft on Sunday reported that after installing updates released on the most recent Patch Tuesday on Nov. 8, security teams might have issues with Kerberos authentication on Windows Servers with the Domain Controller role.
Like most other major operating systems, Microsoft Windows uses the Kerberos protocol for authenticating service requests between trusted hosts across an untrusted network, the most obvious being the internet. Along with Microsoft Windows, Kerberos support has been built into Apple macOS, FreeBSD, and Linux.
Microsoft is planning to implement changes to the Kerberos and Netlogon protocols. These protocol changes won't happen overnight; the plan is to have a phased deployment. There will be 4 phases for this deployment.
The explicit settings like the above might potentially impact SCCM services after applying November security patches KB5021131 and KB5020805. There is no confirmation from Microsoft on this point. We will keep you all posted!
CVE-2022-38023 and CVE-2022-37967
Microsoft released the November security patches to fix vulnerabilities explained in the following CVEs – CVE-2022-38023 and CVE-2022-37967. The recommendation from Microsoft is to install the following KBs on all the Domain Controllers.
Vulnerabilities in Windows
The following Windows versions are affected:
- Windows 8.1
- Windows RT 8.1
- Windows Server 2012
- Windows Server 2012 R2
- Windows 10 Version RTM to 22H2
- Windows 11 Version 22H1 – 22H2
- Windows Server 2016 – 2022
- Windows Server 2022 Azure Stack HCI Version 22H2
- Windows 11 SE Version 21H2
Microsoft writes that the relevant Windows updates must be installed on all devices, including Windows domain controllers, to protect your environment.
Microsoft suggests the following procedure:
- Update the Windows domain controllers with a Windows update that was released on or after November 8, 2022.
- Put the Windows domain controller into audit mode by using the registry entries here.
- Monitor the events that are stored in audit mode to secure your environment.
- Enable enforcement mode to fix CVE-2022-37967 in your environment.
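
The staged rollout above, sketched in PowerShell as an added example (not code from this page or from Microsoft). The registry value `KrbtgtFullPacSignature`, its data values and the KDC event IDs 43 and 44 are taken from Microsoft's KB5020805 guidance rather than from this page; the `-Stage` and `-LookbackDays` parameters and the function names are hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example: run on a domain controller that already has the update installed.
# Assumption: value name, data values and event IDs follow KB5020805, not this page.
param(
    [ValidateSet('Report', 'Audit', 'Enforce')]
    [string]$Stage = 'Report',
    [int]$LookbackDays = 7
)

$KdcKey    = 'HKLM:\SYSTEM\CurrentControlSet\Services\Kdc'
$ValueName = 'KrbtgtFullPacSignature'
$Modes     = @{ 0 = 'Disabled'; 1 = 'Signatures added, not verified'; 2 = 'Audit'; 3 = 'Enforcement' }

function Get-PacSignatureMode {
    $prop = Get-ItemProperty -Path $KdcKey -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $prop) { return 'Not set (default of the installed update applies)' }
    return $Modes[[int]$prop.$ValueName]
}

function Get-PacSignatureAuditEvent {
    # 43: full PAC signature could not be validated; 44: full PAC signature missing.
    $filter = @{
        LogName      = 'System'
        ProviderName = 'Microsoft-Windows-Kerberos-Key-Distribution-Center'
        Id           = 43, 44
        StartTime    = (Get-Date).AddDays(-$LookbackDays)
    }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue
}

"Current mode: $(Get-PacSignatureMode)"

if ($Stage -eq 'Audit') {
    Set-ItemProperty -Path $KdcKey -Name $ValueName -Value 2 -Type DWord
    'Set to audit mode: authentication is still allowed while events are logged.'
}

# Summarise what audit mode has recorded, then show the most recent entries.
$events = @(Get-PacSignatureAuditEvent)
$events | Group-Object Id | Select-Object Name, Count | Format-Table -AutoSize
$events | Select-Object -First 20 TimeCreated, Id, Message | Format-List

if ($Stage -eq 'Enforce') {
    # Refuse to enforce while tickets are still failing the new signature check.
    if ($events.Count -gt 0) {
        throw "Found $($events.Count) PAC signature events in the last $LookbackDays days; resolve them first."
    }
    Set-ItemProperty -Path $KdcKey -Name $ValueName -Value 3 -Type DWord
    'Set to enforcement mode.'
}
```

Run it with `-Stage Audit` on every domain controller first, review the reported events over the lookback window, and only then rerun with `-Stage Enforce`.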