Microsoft has fixed a known issue causing authentication problems when Credential Guard is enabled on systems using the Kerberos PKINIT pre-auth security protocol.
According to Redmond, these authentication issues affect both client (Windows 11, version 24H2) and server (Windows Server 2025) platforms, albeit only in some niche scenarios.
On affected systems, users experience problems because passwords aren’t rotating correctly when using the Identity Update Manager certificate/Pre-Bootstrapping Key Initialization (PKINIT) protocol.
However, because Kerberos authentication is generally used on enterprise endpoints, home devices are likely not impacted by this known issue.
“With this issue, devices fail to change their password every 30 days as the default interval. Because of this failure, devices are perceived as stale, disabled, or deleted, leading to user authentication issues,” Microsoft explained in a Windows release health dashboard update.
“Devices running Windows Home edition are unlikely to be affected by this issue, as Kerberos authentication is typically used in enterprise environments and isn’t common in personal or home settings.”
Microsoft says the issue was fixed in April 2025 with Windows security updates for Windows 11 24H2 and Windows Server 2025. However, it also added that it disabled Machine Accounts in Credential Guard, a feature dependent on Kerberos password rotation, until a permanent fix is found.
“We recommend you install the latest update for your device as it contains important improvements and issue resolutions, including this one,” the company said.
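To check a directory export for machine accounts that missed the 30-day password rotation described above, the following added example (not Microsoft's tooling and not part of the original article) flags enabled computer accounts whose `pwdLastSet` is overdue. The record layout, the build filter `26100` for the two affected platforms, the 15-day grace period, and all sample hosts are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
ROTATION_INTERVAL = timedelta(days=30)   # default interval quoted in the article
AFFECTED_BUILD = "26100"                 # assumption: build shared by Windows 11 24H2 and Server 2025

def from_filetime(ticks):
    """pwdLastSet is 100-ns ticks since 1601-01-01 UTC; 0 means never set."""
    ticks = int(ticks)
    return None if ticks == 0 else FILETIME_EPOCH + timedelta(microseconds=ticks // 10)

def to_filetime(dt):
    """Inverse conversion, using integer arithmetic to avoid float rounding."""
    delta = dt - FILETIME_EPOCH
    return (delta.days * 86400 + delta.seconds) * 10_000_000 + delta.microseconds * 10

def find_overdue(records, now, grace=timedelta(days=15)):
    """Return (name, age_in_days) for enabled accounts on the affected build whose
    machine password is older than the rotation interval plus a grace period."""
    overdue = []
    for rec in records:
        if not rec["enabled"] or AFFECTED_BUILD not in rec["operatingSystemVersion"]:
            continue
        last_set = from_filetime(rec["pwdLastSet"])
        if last_set is None:
            overdue.append((rec["name"], None))   # never set: report for manual review
        elif now - last_set > ROTATION_INTERVAL + grace:
            overdue.append((rec["name"], (now - last_set).days))
    return overdue

NOW = datetime(2025, 4, 30, tzinfo=timezone.utc)   # constructed reference time

def _rec(name, version, days_old, enabled=True):
    """Build one constructed inventory record with a password set days_old days ago."""
    return {"name": name, "operatingSystemVersion": version, "enabled": enabled,
            "pwdLastSet": to_filetime(NOW - timedelta(days=days_old))}

SAMPLE = [                                        # constructed sample inventory
    _rec("WS-01", "10.0 (26100)", 10),            # rotated recently
    _rec("WS-02", "10.0 (26100)", 75),            # missed two rotations
    _rec("SRV-01", "10.0 (26100)", 46),           # just past interval plus grace
    _rec("WS-OLD", "10.0 (22631)", 200),          # older build, outside this issue
    _rec("WS-03", "10.0 (26100)", 90, enabled=False),
    {"name": "WS-NEW", "operatingSystemVersion": "10.0 (26100)", "enabled": True, "pwdLastSet": 0},
]

if __name__ == "__main__":
    for name, age in find_overdue(SAMPLE, NOW):
        print(name, "never set" if age is None else f"{age} days since last rotation")
```

Accounts this flags are candidates for review before any stale-account cleanup job disables or deletes them.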
In November 2022, Redmond released emergency out-of-band (OOB) updates to fix another known issue triggering Kerberos sign-in failures and various other authentication problems on enterprise Windows domain controllers.
It also addressed authentication failures related to Kerberos delegation scenarios on Windows Server in November 2021 and similar Kerberos auth problems affecting domain-connected devices running Windows 2000 and later one year earlier.