CISA Must-Patch List Removes Windows Flaw as Microsoft's Fix Causes Authentication Issues

CISA's must-patch list removed a serious Windows flaw. But why did the U.S. cybersecurity agency do this if it is a major system issue?


The latest problem with this vulnerability is actually with Microsoft's fix.

The new bug, designated as "CVE-2022-26925," is supposed to be resolved using Microsoft's May 10, 2022 update.

However, the software giant announced that its upcoming patch is also flawed, causing some authentication issues.

Because of this, CISA temporarily removed the Windows vulnerability from its must-patch list so that users would not install the May 10, 2022 patch.

CISA Must-Patch List Removes Windows Flaw

According to ZDNet's latest report, Microsoft contacted CISA regarding the authentication issues of its May 10, 2022 patch.


"After installing May 10, 2022 rollup update on domain controllers, organizations might experience authentication failures on the server or client for services," said the U.S. cybersecurity department.

CISA added that these include Routing and Remote Access Service (RRAS), Network Policy Server (NPS), Protected Extensible Authentication Protocol (PEAP), RADIUS, and Extensible Authentication Protocol (EAP).

The agency added that Windows Servers acting as domain controllers are the only ones affected by the May 10, 2022 authentication issues.

What Admins Should Do

CISA said that admins should refer to Microsoft's document KB5014754 for further details regarding the bug and the May 10, 2022 patch issues.

The software giant explained that the new CVE-2022-26925 is a Local Security Authority (LSA) Spoofing flaw. This means that it affects LSA's ability to authenticate and log users onto a local system.

Since the May 10 patch has authentication issues can lead to a 9.8 severity since hackers. As of writing, Microsoft is still trying to solve the patch issues so that admins can update their Windows systems.


This article is owned by TechTimes

Written by: Griffin Davis

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.