CISA's must-patch list removed a serious Windows flaw. But why did the U.S. cybersecurity agency do this if it is a major system issue?
(Photo : Andrew Burton/Getty Images)
A new Microsoft Surface Pro 4 sit on display at a media event for new Microsoft products on October 6, 2015 in New York City. Microsoft also unveiled a virtual reality gaming head set titled the HoloLens, a laptop titled the Surface Book and a phone titled the Lumia 950.
The latest problem with this vulnerability is actually with Microsoft's fix.
The new bug, designated as "CVE-2022-26925," is supposed to be resolved using Microsoft's May 10, 2022 update.
However, the software giant announced that their upcoming patch is also flawed, causing some authentication issues.
Because of this, CISA temporarily removed the Windows vulnerability from its must-patch list so that users would not install the May 10, 2022 patch.
CISA Must-Patch List Removes Windows Flaw
According to ZDNet's latest report, Microsoft contacted CISA regarding the authentication issues of its May 10 2022 patch.
(Photo : David Ramos/Getty Images)
A logo sits illumintated outside the Microsoft booth on day 2 of the GSMA Mobile World Congress 2019 on February 26, 2019 in Barcelona, Spain. The annual Mobile World Congress hosts some of the world's largest communications companies.
Also Read: Microsoft Store App Awards 2022: How To Vote? Categories, End Date, and Other Details
"After installing May 10, 2022 rollup update on domain controllers, organizations might experience authentication failures on the server or client for services," said the U.S. cybersecurity department.
CISA added that these include Routing and Remote Access Service (RRAS), Network Policy Server (NPS), Protected Extensible Authentication Protocol (PEAP), and Radius Extensible Authentication Protocol (EAP).
The agency added that Windows Servers acting as domain controllers are the only ones affected by the May 10, 2022 authentication issues.
What Admins Should Do
CISA said that the admins should refer to Microsoft's document KB5014754 for further details regarding the bug and the May 10, 2022 patch issues.
The software giant explained that the new CVE-2022-26925 is a Local Security Authority (LSA) Spoofing flaw. This means that it affects LSA's ability to authenticate and log users onto a local system.
Since the May 10 patch has authentication issues can lead to a 9.8 severity since hackers. As of writing, Microsoft is still trying to solve the patch issues so that admins can update their Windows systems.
If you want to see further details about the latest CISA must-patch Microsoft bug removal, you can visit this link.
Meanwhile, some Microsoft Xbox players complained that they were losing money from their accounts.
On the other hand, Microsoft and other tech giants decided to work on a new passwordless sign-in feature for all their platforms.
For more news updates about Microsoft and other software giants, always keep your tabs open here at TechTimes.
Related Article: Windows 11 Version 22H2 Nears Roll Out! What Should We Be Excited About
This article is owned by TechTimes
Written by: Griffin Davis
