Summary. CVE-2022-34691, CVE-2022-26931 and CVE-2022-26923 address an elevation of privilege vulnerability that can occur when the Kerberos Key Distribution Center (KDC) is servicing a certificate-based authentication request.

Key Distribution Center (KDC) The Kerberos service that implements the authentication and ticket granting services specified in the Kerberos protocol. The service runs on computers selected by the administrator of the realm or domain; it is not present on every machine on the network.

Summary. This update addresses the following issue: Addresses a known issue that might cause authentication failures related to Kerberos tickets you acquired from Service for User to Self (S4U2self).

When all Domain Controllers have RFC-compliant KDC certificates, Windows can protect itself by Enabling Strict KDC Validation in Windows Kerberos. Note By default, newer Kerberos public key features will be required. Make sure that revoked certificates fail the respective scenario. AD CS is used for various scenarios in an organization.

Summary. A security feature bypass vulnerability exists in the way the Key Distribution Center (KDC) determines whether a Kerberos service ticket can be used for delegation through Kerberos Constrained Delegation (KCD).

Addresses an issue that prevents the use of Encrypted File System (EFS) files over a Web-based Distributed Authoring and Versioning (WebDAV) connection. Addresses an issue that causes a domain controller to incorrectly write Key Distribution Center (KDC) event 21 in the System event log.

This update addresses a memory allocation issue in the Host Network Service (HNS). It causes high memory usage. It also affects service and pod deployment. For more information about security vulnerabilities, please refer to the Security Update Guide and the March 2024 Security Updates .

Glossary. Summary. The November 8, 2022 and later Windows updates address weaknesses in the Netlogon protocol when RPC signing is used instead of RPC sealing. More information can be found in CVE-2022-38023 .

Release Date: 6/14/2022. Version: OS Build 17763.3046. NEW 06/14/22. IMPORTANT On May 19, 2022, we released an out-of-band (OOB) update to address an issue that might cause machine certificate authentication failures on domain controllers.

Microsoft Key Distribution Service (KDS) start failure: System error 1064 has occurred. An Exception occurred in the service when handling the control request. KDS root key generation failure: The process cannot access the file because it is being used by another process. ( Exception from HRESULT: 0x80070020 ) Cause.