Microsoft has finally, a whole week after I predicted that an emergency out-of-band Windows update would be with us before the month was out, pulled the fix trigger. The target is to correct the somewhat disastrous Patch Tuesday security updates that caused multiple authentication failures for many Windows business users. Anyone impacted by this issue must apply the update as soon as possible, but there’s a catch, which I’ll get to in a moment.
May 2022 Patch Tuesday authentication failures
Those authentication failures were caused by installing the May 2022 Patch Tuesday updates on domain controllers. These included authentication failures on the server or client for services such as Network Policy Server and Extensible Authentication Protocol, to name but two. The issue, according to Microsoft, relates to “how the mapping of certificates to machine accounts is being handled by the domain controller.”
So, what’s the catch?
The out-of-band emergency updates are available for impacted users of Windows 10, Windows 11, and Windows Server 2008, 2012, 2016, 2019, and 2022. Microsoft has published details for all platforms.
So, what’s the catch, then? The updates are not available from Windows Update, so they will not install automatically. Instead, you will need to download them manually from Microsoft’s update catalog. You’ll also need to search for the relevant knowledge base (KB) number to find them. Those numbers, and next-step instructions, are referenced here.
If you paid attention to the Straight Talking Cyber team video at the top of this and the Patch Tuesday articles, you’ll appreciate why we said that consumers should always patch immediately, but for businesses, the order of the updates day has to come by way of risk profiling. The domain controller authentication failures are a perfect example.