The U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced that it is temporarily removing CVE-2022-26925 from its Known Exploited Vulnerability Catalog because installing the May 10 Microsoft rollup update on domain controllers can cause authentication failures.
These failures can affect both the server and the client for services including Network Policy Server (NPS), Routing and Remote Access Service (RRAS), RADIUS, Extensible Authentication Protocol (EAP), and Protected Extensible Authentication Protocol (PEAP). The issue is related to how the domain controller handles the mapping of certificates to machine accounts.
CISA stated that the May 10 update only affects servers used as domain controllers, and that organizations should install the updates on client Windows devices and non-domain controller Windows Servers.
According to online news sources, the vulnerability is being actively exploited. It allows unauthenticated attackers to force domain controllers to authenticate to them remotely via the Windows NT LAN Manager (NTLM) security protocol, which allows them to gain control over the entire Windows domain.