Microsoft has issued out-of-band (OOB) updates to address authentication failures on domain controllers that run all currently supported editions of Windows Server.
According to the security advisory, the updates address an issue that causes authentication failures related to Kerberos tickets that have been acquired from Service for User to Self (S4U2self).
Importantly, the issue only manifests itself on Windows Server installations that are running the security updates released on November 9, 2021.
We're looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and we'd hugely appreciate if you'd share your experiences with us.
Microsoft has released OOB updates to address the issue in Windows Server 2019, Windows Server 2016, Windows Server 2012, and Windows Server 2008.
As per BleepingComputer, while putting out the advisories, Microsoft also shared the multiple ways the issue might present itself, depending on the configuration and version of your Windows Server installation.
It adds that users of the affected systems will not be able to install these OOB emergency updates through the Windows Update service, nor will they be able to install them automatically on the affected domain controllers.
Instead, users will have to search for the updates in the Microsoft Update catalog and download the standalone update packages for their respective Windows Server installation.
Importantly, Microsoft has confirmed that the issue doesn’t impact Kerberos delegation scenarios where a Kerberos client provides the front-end service with an evidence ticket. Furthermore, pure Azure Active Directory environments are immune as well.
If you’re looking for a server, these are the best small business servers currently available