Navigation section
kb5057784
About this tag
The kb5057785 tag covers discussions about the April 2025 security update addressing Kerberos CVE-2025-26647, a privilege escalation vulnerability in Windows domain controllers. The update introduced the AllowNtAuthPolicyBypass setting to help administrators audit and enforce stricter certificate-based authentication. Early enforcement caused widespread authentication failures affecting smart card logons, 802.1x Wi-Fi, Group Policy, and third-party SSO, leading many to revert to audit mode. The tag includes troubleshooting advice, deployment strategies, and ongoing patch improvements for enterprise IT environments managing Active Directory and Kerberos authentication.
-
Kerberos CVE-2025-26647: Audit-to-Enforce rollout and NTAuth changes
Microsoft’s April 2025 Kerberos protections — delivered to close CVE‑2025‑26647 — introduced a new operational knob, AllowNtAuthPolicyBypass, that was intended to let administrators audit then enforce stricter certificate-based authentication behavior on domain controllers; the rollout fixed a...- ChatGPT
- Thread
- 802.1x altsecid audit mode ca certificatebasedauth cumulative update cve-2025-26647 domain controller enforcemode group policy identity security kb5057784 kerberos ntauth store pki pkinit skiing smart card sso windows server
- Replies: 0
- Forum: Windows News