
close
close
Microsoft has issued an out-of-band emergency update fix to patch an authentication issue that was caused by the November 9th cumulative update for Windows Server. The bug affects Windows Server 2008 SP2 through to Windows Server 2019.
The November 9th Patch Tuesday cumulative update (CU) for Windows Server causes a problem that can cause authentication failures on Active Directory (AD) domain controllers (DC). Microsoft says about the new out-of-band update:
advertisment
Addresses a known issue that might cause authentication failures related to Kerberos tickets you acquired from Service for User to Self (S4U2self). This issue occurs after you install the November 9, 2021 security updates on domain controllers (DC) that are running Windows Server.
The bug caused by the Patch Tuesday update can prevent end users from signing into services or apps that are configured to use single sign-on (SSO) in AD or hybrid Azure Active Directory (AAD) environments.
Microsoft says that organizations might see the following issues on systems affected by the bug:
S4U2self is a Kerberos protocol extension for AD that lets a service get a Kerberos service ticket for itself on behalf of a user. Using S4U2self, the user is identified to the Key Distribution Center (KDC) with the user’s name and realm, or alternatively the user’s certificate.
advertisment
Service for User (S4U) can be used in different scenarios, like running Windows Task Scheduler tasks under a user account without storing the user’s password. Or allowing an external web server to get a Kerberos service ticket on a user’s behalf.
Here is a list of the updates that you can download for each affected version of Windows Server:
Windows Server version | Microsoft Update Catalog update link |
Windows Server 2008 SP2 | KB5008606 |
Windows Server 2008 R2 SP1 | KB5008605 |
Windows Server 2012 | KB5008604 |
Windows Server 2012 R2 | KB5008603 |
Windows Server 2016 | KB5008601 |
Windows Server 2019 | KB5008602 |
Microsoft isn’t making this out-of-band fix available via Windows Update. But you can download the updates manually from the Microsoft Update Catalog using the links above and then manually important each update into Windows Server Update Services (WSUS).
More from Russell Smith
advertisment
Petri Newsletters
Whether it’s Security or Cloud Computing, we have the know-how for you. Sign up for our newsletters here.
advertisment
More in Windows Server
CISA Warns Windows Admins Against Applying May Patch Tuesday Updates on Domain Controllers
May 17, 2022 | Rabia Noureen
Microsoft Confirms May 2022 Patch Tuesday Updates Cause AD Authentication Issues
May 12, 2022 | Rabia Noureen
Microsoft to Disable SMB1 File-Sharing Protocol By Default on Windows 11
Apr 20, 2022 | Rabia Noureen
Microsoft Defender for Endpoint Adds Support for Windows Server 2012 R2 and 2016
Apr 14, 2022 | Rabia Noureen
Most popular on petri
Log in to save content to your profile.
Article saved!
Access saved content from your profile page. View Saved
Join The Conversation
Create a free account today to participate in forum conversations, comment on posts and more.
Copyright ©2019 BWW Media Group