The cybersecurity authority CISA first warned against installing it. Now it has put the update for securing Active Directory back into its mandate.
Initially, the US security agency advised against installing it; now it has re-added the May Windows update for securing Active Directory to its catalog of known exploited vulnerabilities. This obliges US federal agencies to install it quickly.
The update from the May patch day, tracked as CVE-2022-26925 (CVSS 8.1, risk "high"), was intended to close vulnerabilities in Active Directory. What makes it particularly serious is that the vulnerability has already been actively attacked. However, the patch had a side effect: certificates were mapped differently to machines and accounts, which meant that logons no longer worked correctly. CISA had therefore temporarily removed the update from its mandate for federal agencies.
Corrected update – installation mandatory again
At the weekend, however, CISA put the corrected fix back into the catalog of vulnerabilities that must be closed quickly. Microsoft distributed the corrected version of the update on the June patch day, so it can now be used without side effects.
US federal agencies now have until July 22 to apply the update. A knowledge base article is intended to help prevent possible problems in advance and provides specific instructions for installation on domain controllers. According to the article, the update should first be installed on all Windows endpoints. Before applying it to domain controllers, however, administrators should configure two more registry keys.
CISA points out that only US federal agencies are bound by the instruction to apply the security patches. However, the authority explicitly recommends that all organizations install the updates now to reduce the attack surface.