Important Microsoft Windows Server 10, 11 and Server Warnings Issued as Attacks Underway


May 12, 2012 Update: This post was originally published May 11.

It is important to patch your Windows platforms as soon as possible against known vulnerabilities. However, this advice has again been called into question by the potential risk of updating. Forbes Straight Talking Cyber always recommends that consumers update their Windows platforms as soon as possible. However, businesses should be cautious and rely on their risk profile to make the right decisions. Microsoft is investigating reports of multiple authentication failures occurring after installation of the May 2022 Patch Tuesday update, as Bleeping Computer reported. This comes after authentication problems that were caused by the November Patch Tuesday update, which led to an emergency out-of-band fix.


One problem that may arise from the May 2022 update is an authentication failure. This could be caused by a mismatch in credentials between domain controllers and servers. It involves the mapping of machine accounts to certificates. This is a setup that will not affect consumers, but it will impact businesses.

A member of a Reddit Patch Tuesday support group found that temporarily uninstalling the KB5014001 or KB5014011 updates was sufficient. Bleeping Computer reports that, while a security update will resolve the issue, Microsoft recommends manually mapping certificates to Active Directory machine accounts. I wouldn’t be surprised to see a similar and faster conclusion to the November 2011 out-of-band security release.

Microsoft’s latest Patch Tuesday batch of security fixes has just been released. It’s a huge one. Eight of the 75 security problems being addressed get a critical severity rating, and there are three zero-day vulnerabilities. Windows Server 10, 11 and Server users should be aware that one of these vulnerabilities is already being exploited.

The Microsoft Security Update guide provides a complete list of all 75 vulnerabilities along with their severity ratings and affected platforms. Here’s what we know so far about the one that is being attacked.

CVE-2022-26925

CVE-2022-26925 is a zero-day vulnerability that Microsoft has confirmed as being exploited. It is an exploited zero-day vulnerability, yet one that Microsoft has not given an important rating. This is because it isn’t chained with New Technology LAN Manager (NTLM) relay attacks.

These PetitPotam attacks, as they are commonly known, can be used against Windows domain controllers or other servers. When the two are combined, the zero-day's severity rating increases to a critical 9.8. This is not an easy attack, but it is possible, as the ‘actively exploited’ label shows. Windows Server, 7, 8, 8.1, 10, and 11 users should make sure that the update is applied as soon as possible.

Security experts’ opinions

Chris Hass, Director of Security at Automox, says that while this Patch Tuesday is lacking in numbers (in April, more than 100 vulnerabilities were reported), it makes up for it with its severity and infrastructure headaches. CVE-2022-26925 is a Windows LSA Spoofing Vulnerability that could be used to allow an attacker to intercept, or man-in-the-middle, network traffic. He says that Microsoft has confirmed the exploitation of this CVE in the wild and that system administrators should make this patch a priority. Automox recommends that all exploited and critical vulnerabilities be patched within 72 hours.

Satya Gupta is co-founder of Virsec. He says that although the Patch Tuesday update contains “highly concerning vulnerability” on an individual threat basis, it still raises concern when viewed in a larger context. He says that more than one-third of the vulnerabilities Microsoft identified in April-May 2022 (1,330, 36%) were remote code execution vulnerabilities. This presents a huge opportunity for malicious actors, and for customers to be compromised.
