Microsoft has patched a Windows Local Security Authority (LSA) spoofing vulnerability, tracked as CVE-2022-26925, in the latest Patch Tuesday update. The high-severity vulnerability allows an unauthenticated attacker to anonymously call a method and force a domain controller (DC) to authenticate to the attacker via NTLM. In the worst-case scenario, this could lead to privilege escalation and an attacker taking control of your entire domain.
This vulnerability is worth detailing because the U.S. Cybersecurity and Infrastructure Security Agency (CISA) had required Federal Civilian Executive Branch (FCEB) agencies to install these updates within three weeks to protect themselves against this attack surface and other attacks. However, it has now removed this requirement, as the latest Patch Tuesday updates can also cause authentication issues when installed on a DC, which we discussed previously.
These issues are primarily caused by two patches for Windows Kerberos and Active Directory Domain Services, tracked as CVE-2022-26931 and CVE-2022-26923 respectively. CISA no longer encourages IT administrators to install May's Patch Tuesday updates on DCs, because it is not possible to choose which of the patches to install. The note on the advisory reads:
Installing the update released on May 10, 2022 on client Windows devices and non-domain controller Windows servers does not cause this issue and is still strongly recommended. This issue only affects the May 10, 2022 update installed on servers used as domain controllers. Organizations should continue to apply updates to client Windows devices and non-domain controller Windows servers.
Currently, Microsoft offers a workaround that involves manually mapping certificates. It also strongly emphasizes that applying any additional mitigation measures may have a negative impact on your organization's security posture.
Given that CISA discourages FCEB agencies from installing the May Patch Tuesday updates on Windows Server DCs at all, Microsoft may want to roll out a more permanent fix soon.