Microsoft has identified that the April 2025 security updates cause authentication problems on certain Windows Server 2025 domain controllers, affecting protocols like Kerberos and certificate-based logons. These issues primarily impact enterprise environments, with home users unlikely to be affected. (Affected: Windows Server 2025 domain controllers and related enterprise systems)
Key points:
- April 2025 security updates (KB5055523) may cause authentication failures on Windows Server 2016, 2019, 2022, and 2025 domain controllers.
- The issues involve problems processing Kerberos logons and delegation using certificate-based credentials in Active Directory.
- Impacts include Windows Hello for Business Key Trust environments and Device Public Key Authentication—affecting various authentication-dependent applications.
- The problems are linked to CVE-2025-26647, a high-severity vulnerability that allows privilege escalation via Kerberos exploitation.
- Microsoft recommends a registry workaround by setting AllowNtAuthPolicyBypass from “2” to “1” to mitigate the issue.
- Previously, Microsoft released out-of-band updates in November 2022 to fix Kerberos-related authentication failures on domain controllers.
- The company advises enterprise administrators to monitor for updates and apply workarounds to maintain authentication security and stability.
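As an added example (not from the article or from Microsoft), the following PowerShell script lets an administrator inventory the AllowNtAuthPolicyBypass value on every writable domain controller before touching it, and applies the "2" to "1" workaround only when run with -Apply. The registry key path is a placeholder: take the exact key from Microsoft's guidance for KB5055523 / CVE-2025-26647 before running it.

```powershell
# Added example, not part of the original article.
# Audits and optionally applies the AllowNtAuthPolicyBypass workaround on all DCs.
# ASSUMPTION: $KeyPath is a placeholder; substitute the key named in Microsoft's
# guidance for this update before use.
param(
    [switch]$Apply   # without -Apply the script only reports current values
)

Import-Module ActiveDirectory

$KeyPath   = 'HKLM:\SYSTEM\CurrentControlSet\Services\<KDC-KEY-PLACEHOLDER>'
$ValueName = 'AllowNtAuthPolicyBypass'
$Target    = 1   # article: move the value from "2" to "1" to restore logons

# Every DC in the current domain; each one runs its own KDC and needs the change.
$controllers = (Get-ADDomainController -Filter *).HostName

$report = Invoke-Command -ComputerName $controllers `
    -ArgumentList $KeyPath, $ValueName, $Target, $Apply.IsPresent `
    -ScriptBlock {
        param($path, $name, $target, $apply)
        # Read the current DWORD; $null means the value is not present.
        $current = (Get-ItemProperty -Path $path -Name $name -ErrorAction SilentlyContinue).$name
        $changed = $false
        if ($apply -and $current -ne $target) {
            New-ItemProperty -Path $path -Name $name -PropertyType DWord `
                -Value $target -Force | Out-Null
            $changed = $true
        }
        [pscustomobject]@{
            Controller = $env:COMPUTERNAME
            Before     = $current
            After      = $(if ($changed) { $target } else { $current })
            Changed    = $changed
        }
    }

# One row per DC so the before/after state is recorded for change control.
$report | Sort-Object Controller | Format-Table Controller, Before, After, Changed -AutoSize
```

Run it once without -Apply to capture the baseline, then with -Apply; keep the first report so the value can be restored to "2" once Microsoft ships a fixed update.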