October and November Patch Day: Kerberos and Domain Join Breaks

Be aware that the latest patch day releases might break functionality that you currently rely on in your infrastructure. The October patch day update KB5020276 breaks domain join. There is a valid workaround, but it introduces CVE-2022-38042, so obtain proper approval from your security team before applying it to your infrastructure.

The November patch day brings additional Kerberos authentication breaks, causing enterprise domain controllers to experience Kerberos sign-in failures and other authentication problems.

In the latest release, Kerberos replaced the NTLM protocol as the default authentication protocol for domain-connected devices on all Windows versions above Windows 2000.

This affects not only servers but also workstations:

  • Client: Windows 7 SP1, Windows 8.1, Windows 10 Enterprise LTSC 2019, Windows 10 Enterprise LTSC 2016, Windows 10 Enterprise 2015 LTSB, Windows 10 20H2 or later, and Windows 11 21H2 or later
  • Server: Windows Server 2008 SP2 or later, including the latest release, Windows Server 2022.

 
