Microsoft’s history with Windows updates has often been punctuated by instances where critical security patches—introduced to defend against real-world threats—have triggered unexpected issues in enterprise environments. The April 2025 Patch Tuesday release is one such event, and its fallout has...
The recent April Patch Tuesday updates have brought an unexpected challenge for enterprise administrators and IT security professionals: broken Kerberos authentication for Windows Hello and certificate-based logins on Active Directory Domain Controllers (DC) running supported versions of Windows...
active directory
ad domain controllers
authentication security
certificate trust
certificate-based logons
cve-2025-26647
enterprise identity
enterprise it
it security
kerberos authentication
kerberos delegation
ntauthstore
passwordless authentication
patch tuesday
pki management
pkinit
security vulnerabilities
smart card login
windows hello for business
windows server
Over the past several years, Windows Hello for Business (WHfB) has emerged as a cornerstone of Microsoft’s modern authentication approach, prioritizing both convenience and layered security. However, recent developments have drawn fresh scrutiny to the ecosystem’s dependence on complex trust...