Microsoft released emergency updates to fix 0-day Windows AD authentication vulnerabilities. After installing updates released May 10, 2022 on domain controllers, authentication failures may occur on the server or client for services such as Network Policy Server (NPS), Routing and Remote access Service (RRAS), Radius, Extensible Authentication Protocol (EAP), and Protected Extensible Authentication Protocol (PEAP).

For a complete description of the vulnerabilities and affected systems: 

The following cumulative updates for installation on Domain Controllers (no action needed on the client-side):

• Windows Server 2022: KB5015013
• Windows Server, version 20H2: KB5015020
• Windows Server 2019: KB5015018
• Windows Server 2016: KB5015019

IT Security

Read more about IT Security service offerings.