Microsoft releases emergency patches for Windows authentication issues

The updates released for Windows in May have been incredibly problematic. The KB5013943 update has been causing various issues, one of which has forced Microsoft to push out emergency to fix things.

There are several out-of-band patches fixes available as the authentication issue they address affect various versions of Windows. In all, there are no fewer than eight patches available: KB5014986, KB5014987, KB5014990, KB5014991, KB5015013, KB5015018, KB5015019 and KB5015020.

• Microsoft warns that KB5013943 update is causing authentication failures in Windows 11, Windows Server and more
• KB5013943 update for Windows 11 is causing 0xc0000135 errors
• You can now buy official Microsoft Windows 11 Home and Windows 11 Pro USB drives

Earlier this month, Microsoft acknowledged the problem saying: "After installing updates released May 10, 2022 on your domain controllers, you might see authentication failures on the server or client for services such as Network Policy Server (NPS), Routing and Remote access Service (RRAS), Radius, Extensible Authentication Protocol (EAP), and Protected Extensible Authentication Protocol (PEAP). An issue has been found related to how the mapping of certificates to machine accounts is being handled by the domain controller".

At the time, the company said that it was investigating and working on a fix, and this has now come to fruition.

Listings for the newly release patches include the following improvement:

Addresses a known issue that might cause authentication failures for some services on a server or client after you install the May 10, 2022 update on domain controllers. These services include Network Policy Server (NPS), Routing and Remote access Service (RRAS), Radius, Extensible Authentication Protocol (EAP), and Protected Extensible Authentication Protocol (PEAP). The issue affects how the domain controller manages the mapping of certificates to machine accounts. This issue only affects servers that are used as domain controllers; it does not affect client Windows devices.

The eight updates that have been made available are now security updates, and as such they will not be available via Windows Update. Instead, they can be downloaded via the Microsoft Update Catalog using the following links:

• Windows Server 2022: KB5015013 
• Windows Server version 20H2: KB5015020 
• Windows Server 2019: KB5015018 
• Windows Server 2016: KB5015019 
• Windows Server 2012 R2: KB5014986 
• Windows Server 2012: KB5014991 
• Windows Server 2008 R2 SP1: KB5014987 
• Windows Server 2008 SP2: KB5014990 

Image credit: yu_photo / Shutterstock