Provides a link to Microsoft Security Advisory: Incorrectly issued digital certificates could allow spoofing.

When in Enforcement mode, if the domain controller receives a Kerberos authentication request with an unsafe certificate, it will log legacy Event ID: 21 and deny the request.

The following sections will help you to identify, mitigate, and remedy Active Directory Certificate Services (AD CS)-issued certificates and requests that were affected by the vulnerability that is identified in Microsoft Security Advisory ADV170012.

When you send a digitally-signed macro or document, you also send your certificate and public key. Certificates are issued by a certification authority, and like a driver’s license, can be revoked.

To avoid disruption, we recommend reviewing the guidance and taking action to update certificates in advance. For details and preparation steps, see Windows Secure Boot certificate expiration and CA updates.

If you do not want to purchase a digital certificate from a third-party certificate authority (CA), or if you want to digitally sign your document immediately, you can create your own digital certificate.

Resolves a reported vulnerability that could allow spoofing in implementations of DNS.

To fix this, you need to reapply the 2023 certificate to the firmware’s DB using the recovery application. This is done by creating a recovery USB, then booting the affected device from that USB to restore the missing certificate.

Resolves vulnerabilities in Windows that could allow spoofing if the attacker gains access to the certificate that is used by the end-user for authentication.

To apply this security update, you must have the release version of Microsoft SharePoint Server 2019 installed on the computer. To successfully run this security update, you must also have SharePoint Server 2019 Language Pack (KB5002753) installed on the computer.