Microsoft November 2022 updates break Active Directory integration

Solution Verified - Updated -

Issue

  • With the November 2022 patches, Microsoft released fixes to address CVE-2022-37967, CVE-2022-38023 and CVE-2022-37966
  • After installation of these patches, user authentication on Linux systems integrated in Active Directory (directly or indirectly through cross-forest trust) no longer works and new systems are unable to join an AD domain that is managed by domain controllers where these patches have been applied.

Resolution

Microsoft acknowledged on their support page that these authentication issues are not an expected part of the security hardening for Netlogon and Kerberos starting with November 2022 security update.

On the same support page Microsoft also says that they are working on a resolution and estimate a solution will be ready in the coming weeks. This known issue will be updated with more information when it is available.

Customers facing issues on their Red Hat Enterprise Linux systems after Microsoft November 2022 patches have been deployed are advised to talk to their Microsoft representative and also to actively monitor the support page .

Red Hat internal tests have shown that removing the already installed Microsoft November 2022 patches have helped to resolve the issue for the time being.

IMPORTANT: For all actions carried out on Microsoft systems, Red Hat advise is to first talk to your Microsoft representative.

UPDATE: On 17 Nov 2022 Microsoft released out-of-band patches to address the issue introduced with regular Nov 2022 update.

For more information, please see our blog post on this topic.

There was a public disclosure of the actual attack on Windows Kerberos Elevation of Privilege Vulnerability (CVE-2022-37966 and CVE-2022-37967) at Blackhat Europe 2022 where Tom Tervoort, Principal Security Specialist at Secura, presented more details.

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.

Comments