Microsoft Releases Out-Of-Band Patches to Fix Windows AD Authentication Issues

Windows Server 4 Hero Approved

Microsoft released new out-of-band (OOB) updates yesterday to address Active Directory (AD) authentication problems caused by the May 2022 Patch Tuesday updates. These emergency patches also include a fix for the bug that previously prevented the installation of apps from the Microsoft Store.

The May 2022 security updates that shipped earlier this month included fixes for privilege escalation flaws in Windows Kerbose and the Active Directory Domain Service. At the same time, this release also caused AD authentication failures on Windows devices used as domain controllers.

Microsoft confirmed last week that the Windows AD authentication issue was caused by a certificate mapping bug and provided a workaround to fix it. CISA has recently warned IT Admins against installing this month’s Patch Tuesday updates on domain controllers.

The latest round of Patch Tuesday updates also introduced a bug that prevents users from installing or opening Microsoft Store apps on some Windows PCs. Microsoft noted that this problem only impacts devices with Control-flow Enforcement Technology (CET) processors, including select AMD CPUs and Intel Core processors or later.

Download out-of-band-updates to fix Patch Tuesday Windows AD Authentication errors

Microsoft noted that these out-of-band updates are available to download on Microsoft’s update catalog. Moreover, these patches can also be manually loaded into Windows Server Update Services (WSUS) and Microsoft Endpoint Configuration Manager.

OSArticleMicrosoft Update Catalog
Windows Server 2022KB5015013Download
Windows Server 20H2KB5015020Download
Windows Server 2019KB5015018Download
Windows Server 2016KB5015019Download
Cumulative updates
OSArticleMicrosoft Update Catalog
Windows Server 2012 R2KB5014986Download
Windows Server 2012KB5014991Download
Windows Server 2008 R2 SP1KB5014987Download
Windows Server 2008 SP2KB5014990Download
Standalone updates

“If you are using security only updates for these versions of Windows Server, you only need to install these updates for the month of May,” Microsoft said yesterday. “If you are using Monthly Rollup updates, you will need to install both the standalone update listed above, and the Monthly rollups released May 10, 2022.”

Have you encountered any problems with Windows AD authentication lately? Sound off in the comments section below if you managed to resolve the issue after installing the latest updates.