#CISA Temporarily Removes #CVE-2022-26925 from Known Exploited #Vulnerability Catalog

Read Time1 Minute, 3 Second

Cybersecurity and Infrastructure Security Agency (CISA) - Defend Today, Secure Tomorrow

05/13/2022 08:20 PM EDT

 

Original release date: May 13, 2022
CISA is temporarily removing CVE-2022-26925 from its Known Exploited Vulnerability Catalog due to a risk of authentication failures when the May 10, 2022 Microsoft rollup update is applied to domain controllers. After installing May 10, 2022 rollup update on domain controllers, organizations might experience authentication failures on the server or client for services, such as Network Policy Server (NPS), Routing and Remote access Service (RRAS), Radius, Extensible Authentication Protocol (EAP), and Protected Extensible Authentication Protocol (PEAP). Microsoft notified CISA of this issue, which is related to how the mapping of certificates to machine accounts is being handled by the domain controller.

For more information see the Microsoft Knowledge Base article, KB5014754—Certificate-based authentication changes on Windows domain controllers: Key Distribution Center registry key.

Note: installation of updates released May 10, 2022, on client Windows devices and non-domain controller Windows Servers will not cause this issue and is still strongly encouraged. This issue only affects May 10, 2022 updates installed on servers used as domain controllers. Organizations should continue to apply updates to client Windows devices and non-domain controller Windows Servers.

About Post Author

Robert Williams

News247WorldPress is a UK News Agency. The Agency was founded in August 2014 by Robert Williams and L. J. Rothschild. As an international news agency we cover all the important top news of the day in text, pictures and graphics in many languages: German, English, Romanian and more...

This site uses Akismet to reduce spam. Learn how your comment data is processed.