Certificate Authority

Winsage
June 12, 2025
Microsoft released updates in June 2025 to address critical issues affecting Windows Server 2025 domain controllers, specifically authentication failures and network connectivity problems. The updates, delivered in KB5060842, resolved issues stemming from security update KB5055523, which changed how certificates are validated during Kerberos authentication. That change caused error logging for self-signed certificates and affected Windows Hello for Business Key Trust deployments. Separately, domain controllers failed to handle network traffic correctly after a restart because they reverted to the standard firewall profile instead of the domain profile. Microsoft provided a temporary workaround, manually restarting the network adapters, until a permanent fix was available. The June updates addressed a total of 66 vulnerabilities, including 10 rated Critical, and Microsoft recommended installing them immediately. Microsoft also advised against setting the AllowNtAuthPolicyBypass registry key to ‘2’ (enforcement) on domain controllers that use self-signed certificates until the latest updates were applied.
Winsage
May 7, 2025
Microsoft has acknowledged that the April 2025 security updates are causing authentication problems on certain Windows Server domain controllers, specifically Windows Server 2016, 2019, 2022, and 2025. The issues appear after installing the April monthly security update (KB5055523 or later) and affect the processing of Kerberos logons or delegations that rely on certificate-based credentials. Affected authentication paths include Kerberos PKINIT, S4U via RBKCD, and KCD. The issues are linked to the hardening added for the critical vulnerability CVE-2025-26647, which allows authenticated attackers to escalate privileges remotely. A temporary workaround involves modifying a registry value. Microsoft has previously addressed similar authentication issues in Windows 11, Windows Server 2025, and earlier versions.
Winsage
February 5, 2025
Microsoft has introduced a PowerShell script, documented in support article KB5053484, to address the 2023 BlackLotus Secure Boot vulnerability (CVE-2023-24932) in Windows operating systems. The script updates Windows bootable media to work with the new Secure Boot Certificate Authority (CA) released in February 2024, which replaces the outdated CA from 2011. The BlackLotus vulnerability allows attackers to bypass Secure Boot on Windows 10 and 11 and potentially run malicious code at the UEFI level. The update is available immediately to strengthen protection against this threat.
Winsage
February 5, 2025
In February 2024, Microsoft announced the rollout of the new 2023 Secure Boot Certificate Authority (CA) keys to replace the 2011 certificates that were introduced with Windows 8. The rollout began with the Patch Tuesday updates KB5034765 for Windows 11 and KB5034763 for Windows 10, as the 2011 certificates are set to expire in 2026. Microsoft released a PowerShell script, Make2023BootableMedia.ps1, to update Windows bootable media for compatibility with the new Windows UEFI CA 2023 certificate, addressing the BlackLotus Secure Boot vulnerability (CVE-2023-24932). The script can update several types of bootable media, including ISO files, USB drives, and local or network drive paths. The latest Windows Assessment and Deployment Kit (Windows ADK) must be installed for the script to work, and it should be run from an elevated PowerShell prompt with the media source supplied. Full details are available in the KB5053484 support article on Microsoft's website.