My Pulsant
Potential service impact - Microsoft May Windows Updates - authentication failures affecting Domain Controllers
Subscribe
Identified - Synopsis:
Within the May Windows Updates released on 10th May 2022 by Microsoft there is an update which addresses two known vulnerabilities (CVE-2022-26931 and CVE-2022-26923). It has come to light that the update causes various issues with authentication protocols. Microsoft have confirmed that service impact is limited to servers running in the Domain Controller role.
Nature of the issue:
Microsoft have advised the following:
After installing updates released May 10, 2022 on your domain controllers, you might see authentication failures on the server or client for services such as Network Policy Server (NPS), Routing and Remote access Service (RRAS), Radius, Extensible Authentication Protocol (EAP), and Protected Extensible Authentication Protocol (PEAP)
Impacted Systems:
Windows Server 2012 R2
Windows Server 2012
Windows Server 2008 R2 Enterprise ESU
Windows Server 2008 R2 Standard ESU
Windows Server 2008 R2 Datacenter ESU
Windows Server 2008 Service Pack 2
Windows Server 2016
all editions Windows Server, version 20H2
all editions Windows Server 2022
Windows Server 2019
Remediation Advice:
Pulsant would recommend that clients proceed with patching end user devices as normal. Servers not running in the Domain Controller role can also be patched at this time.
For servers running in the Domain Controller role, Pulsant would recommend that clients postpone their normal patching routine for a period of at least 14 days in the expectation that Microsoft will release an emergency update which addresses this issue. However, clients should balance this advice against their own risk posture in relation to the various critical and high vulnerabilities which are covered by the May release, including the following:
CVE-2022-26925
CVE-2022-22713
CVE-2022-29972
Pulsant are currently working with our Cyber Security team to assess how best to approach our normal cycle of automated and manual patching for the May release.
External Links:
https://docs.microsoft.com/en-us/windows/release-health/status-windows-server-2022#2826msgdesc
https://www.bleepingcomputer.com/news/microsoft/microsoft-may-windows-updates-cause-ad-authentication-failures/
https://www.tenable.com/blog/microsofts-may-2022-patch-tuesday-addresses-73-cves-cve-2022-26925
May 13, 13:30 BST
Within the May Windows Updates released on 10th May 2022 by Microsoft there is an update which addresses two known vulnerabilities (CVE-2022-26931 and CVE-2022-26923). It has come to light that the update causes various issues with authentication protocols. Microsoft have confirmed that service impact is limited to servers running in the Domain Controller role.
Nature of the issue:
Microsoft have advised the following:
After installing updates released May 10, 2022 on your domain controllers, you might see authentication failures on the server or client for services such as Network Policy Server (NPS), Routing and Remote access Service (RRAS), Radius, Extensible Authentication Protocol (EAP), and Protected Extensible Authentication Protocol (PEAP)
Impacted Systems:
Windows Server 2012 R2
Windows Server 2012
Windows Server 2008 R2 Enterprise ESU
Windows Server 2008 R2 Standard ESU
Windows Server 2008 R2 Datacenter ESU
Windows Server 2008 Service Pack 2
Windows Server 2016
all editions Windows Server, version 20H2
all editions Windows Server 2022
Windows Server 2019
Remediation Advice:
Pulsant would recommend that clients proceed with patching end user devices as normal. Servers not running in the Domain Controller role can also be patched at this time.
For servers running in the Domain Controller role, Pulsant would recommend that clients postpone their normal patching routine for a period of at least 14 days in the expectation that Microsoft will release an emergency update which addresses this issue. However, clients should balance this advice against their own risk posture in relation to the various critical and high vulnerabilities which are covered by the May release, including the following:
CVE-2022-26925
CVE-2022-22713
CVE-2022-29972
Pulsant are currently working with our Cyber Security team to assess how best to approach our normal cycle of automated and manual patching for the May release.
External Links:
https://docs.microsoft.com/en-us/windows/release-health/status-windows-server-2022#2826msgdesc
https://www.bleepingcomputer.com/news/microsoft/microsoft-may-windows-updates-cause-ad-authentication-failures/
https://www.tenable.com/blog/microsofts-may-2022-patch-tuesday-addresses-73-cves-cve-2022-26925
May 13, 13:30 BST
Update - Due to the escalations within Ukraine, Pulsant's Cyber Security team have taken additional measures to review a common set of CVE’s (common vulnerabilities and exposures) that have been known to be exploited by Russian-state sponsored APT (advanced persistent threat) actors for initial access. This has been against all our internal assets and where possible client assets (covered by appropriate services within Alert Logic) – both searches have produced no results.
Pulsant continue to engage and monitor threat intelligence feeds for updates, including NCSC (UK National Cyber Security Centre). Their advice on appropriate counter-measures remains our existing stance, which is to routinely assess the effectiveness of our cyber controls, regardless of the threat.
Not all clients consume Pulsant Protect solutions, if you as a client manage your own security, we would advise you follow NCSC guidance or seek further advice from Pulsant on where we can assist further.
Feb 24, 17:19 GMT
Pulsant continue to engage and monitor threat intelligence feeds for updates, including NCSC (UK National Cyber Security Centre). Their advice on appropriate counter-measures remains our existing stance, which is to routinely assess the effectiveness of our cyber controls, regardless of the threat.
Not all clients consume Pulsant Protect solutions, if you as a client manage your own security, we would advise you follow NCSC guidance or seek further advice from Pulsant on where we can assist further.
Feb 24, 17:19 GMT
Monitoring - We continue to monitor this situation carefully and will update clients if threat levels change.
Feb 2, 16:32 GMT
Feb 2, 16:32 GMT
Investigating - As as result of tensions in Ukraine, NCSC have flagged a potentially elevated cyber threat but also state that they are not aware of any specific threat to UK organisations at this time.
General advice from NCSC reflects our normal approach to Cyber threats (regardless of its origin) in that we maintain and routinely measure the effectiveness of appropriate counter measures to reduce our exposure to cyber-attacks. Good cyber security relies upon ensuring that mitigations and detective controls continue to perform as expected and we have the capability and capacity to respond quickly to security incidents if or when they occur.
Pulsant as an organisation has robust and effective policy, governance and technical controls that ensures we patch our systems regularly, maintain strong access controls (incl. multi-factor authentication), perform regular system, network infrastructure monitoring, and maintain effective incident management and response. Pulsant also keep abreast of evolving threats and will take extraordinary measures where necessary.
Not all clients consume Pulsant Protect solutions, if you as a client manage your own security, we would advise you follow NCSC guidance or seek further advice from Pulsant on where we can assist further.
Feb 2, 16:32 GMT
General advice from NCSC reflects our normal approach to Cyber threats (regardless of its origin) in that we maintain and routinely measure the effectiveness of appropriate counter measures to reduce our exposure to cyber-attacks. Good cyber security relies upon ensuring that mitigations and detective controls continue to perform as expected and we have the capability and capacity to respond quickly to security incidents if or when they occur.
Pulsant as an organisation has robust and effective policy, governance and technical controls that ensures we patch our systems regularly, maintain strong access controls (incl. multi-factor authentication), perform regular system, network infrastructure monitoring, and maintain effective incident management and response. Pulsant also keep abreast of evolving threats and will take extraordinary measures where necessary.
Not all clients consume Pulsant Protect solutions, if you as a client manage your own security, we would advise you follow NCSC guidance or seek further advice from Pulsant on where we can assist further.
Feb 2, 16:32 GMT
About This Site
We are the UK’s leading colocation and cloud infrastructure provider.
We provide colocation and cloud infrastructure services from our 10 regional data centres, including integration and management of public cloud, with a core focus on availability, security and connectivity.
Business Continuity
Operational
Cloud Backup (Asigra) Edinburgh
Operational
Cloud Backup (Asigra) Milton Keynes
Operational
Cloud Backup (Asigra) Newcastle
Operational
Cloud Backup (Asigra) Reading
Operational
Cloud Backup (Veeam) Edinburgh
Operational
Cloud Backup (Veeam) Milton Keynes
Operational
Disaster Recovery
Operational
Data Centre Services
Operational
Edinburgh Medway
Operational
Edinburgh Newbridge
Operational
Edinburgh South Gyle
Operational
Glasgow
Operational
Maidenhead
Operational
Manchester
Operational
Milton Keynes
Operational
Newcastle Central
Operational
Newcastle East
Operational
Reading
Operational
Sheffield
Operational
South London
Operational
Managed Cloud
Operational
Azure
Operational
AWS
Operational
Cloud Storage Edinburgh
Operational
Cloud Storage Milton Keynes
Operational
Cloud Storage Newcastle Central
Operational
Cloud Storage Newcastle East
Operational
Cloud Storage Reading
Operational
Managed Office 365
Operational
Pulsant Enterprise Cloud (PEC) Edinburgh
Operational
Pulsant Enterprise Cloud (PEC) Milton Keynes
Operational
Pulsant Enterprise Cloud (PEC) Newcastle Central
Operational
Pulsant Enterprise Cloud (PEC) Newcastle East
Operational
Pulsant Enterprise Cloud (PEC) Reading
Operational
Cloud Desktop Milton Keynes
Operational
Cloud Desktop Edinburgh
Operational
Email Security Services
Operational
Managed Networks
Operational
Cloud Connect
Operational
Maidenhead
Operational
Medway
Operational
Milton Keynes
Operational
Newcastle
Operational
Newbridge
Operational
Reading
Operational
South Gyle
Operational
South London
Operational
South Yorkshire
Operational
Leased Lines
Operational
xDSL Services
Operational
IP Transit
Operational
Data Centre Failover
Operational
Content Delivery Network (CDN)
Operational
Cloud Fabric
Operational
Data Centre Connect
Operational
Metro Connect
Operational
Optical Connect
Operational
Managed Security
Operational
Cloud Protect
Operational
DDoS Protect
Operational
Threat Intelligence Alert
Operational
Operational
Degraded Performance
Partial Outage
Major Outage
Maintenance
Major outage
Partial outage
No downtime recorded on this day.
No data exists for this day.
had a major outage.
had a partial outage.