Microsoft has mounted a recognized problem inflicting authentication issues when Credential Guard is enabled on programs utilizing the Kerberos PKINIT pre-auth safety protocol.
Based on Redmond, these authentication points affect each shopper (Home windows 11, model 24H2) and server (Home windows Server 2025) platforms, albeit solely in some area of interest eventualities.
On affected programs, customers expertise issues as a result of the passwords aren’t rotating appropriately when utilizing the Identification Replace Supervisor certificates/Pre-Bootstrapping Key Initialization (PKINIT) protocol.
Nevertheless, as a result of Kerberos Authentication is mostly used on enterprise endpoints, dwelling gadgets are probably not impacted by this recognized problem.
“With this problem, gadgets fail to alter their password each 30 days because the default interval. Due to this failure, gadgets are perceived as stale, disabled, or deleted, resulting in consumer authentication points,” Microsoft defined in a Home windows launch well being dashboard replace.
“Gadgets operating Home windows Residence version are unlikely to be affected by this problem, as Kerberos authentication is usually utilized in enterprise environments and isn’t frequent in private or dwelling settings.”
Microsoft says the difficulty was mounted in April 2025 with Home windows safety updates for Home windows 11 24H2 and Home windows Server 2025. Nevertheless, it additionally added that it disabled Machine Accounts in Credential Guard, a function depending on Kerberos password rotation, till a everlasting repair is discovered.
“We advocate you put in the newest replace on your gadget because it accommodates essential enhancements and problem resolutions, together with this one,” the corporate stated.
In November 2022, Redmond launched emergency out-of-band (OOB) updates to repair one other recognized problem triggering Kerberos sign-in failures and numerous different authentication issues on enterprise Home windows area controllers.
It additionally addressed authentication failures associated to Kerberos delegation eventualities on Home windows Server in November 2021 and related Kerberos auth issues affecting domain-connected gadgets operating Home windows 2000 and later one 12 months earlier.
Based mostly on an evaluation of 14M malicious actions, uncover the highest 10 MITRE ATT&CK strategies behind 93% of assaults and find out how to defend in opposition to them.
