Update for CVE-2025-26647 Kerberos Authentication Vulnerability

In April 2025, Microsoft released an update to address the Kerberos authentication vulnerability known as CVE-2025-26647. This update introduces a new registry setting called AllowNtAuthPolicyBypass within the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Kdc key. The value of this registry entry can be set to 0, 1, or 2 to control how NTAuth policy bypasses are handled.

– Setting it to 0 disables NTAuth checks.
– A setting of 1 enables auditing mode with Event ID 45 logging when there’s an issue.
– Value 2 enforces strict policy compliance and blocks unauthorized authentication attempts upon failure.

This update is designed to enhance security, but a blog reader encountered issues related to the new registry key. In environments running Windows Server 2016 domain controllers with a mix of client operating system versions (Windows 10 24H2, 23H2), only around 40 of approximately 1500 clients were affected in July.

When transitioning to enforcement mode by setting AllowNtAuthPolicyBypass to 2, the system began logging error messages indicating failed smartcard logon attempts due to untrusted certificates. Additionally, group policy updates became impossible on impacted machines.
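A check to run on a domain controller before changing AllowNtAuthPolicyBypass from 1 to 2, as an added example that is not from Microsoft or the original blog post. It reads the current value and summarizes recent Event ID 45 audit entries. The System log, the provider name, the 30-day window and the function names are assumptions to confirm in your environment.

```powershell
# Added example: pre-enforcement check for AllowNtAuthPolicyBypass on a DC.
# Registry key, value name and Event ID 45 come from the page. The log name,
# provider name and lookback window are assumptions; confirm the provider
# with: Get-WinEvent -ListProvider *Kerberos*
$KdcKey       = 'HKLM:\SYSTEM\CurrentControlSet\Services\Kdc'
$ValueName    = 'AllowNtAuthPolicyBypass'
$Provider     = 'Microsoft-Windows-Kerberos-Key-Distribution-Center'  # assumption
$LookbackDays = 30                                                     # assumption

function Get-NtAuthBypassMode {
    # Returns the configured value as an int, or $null when it is not set.
    $item = Get-ItemProperty -Path $KdcKey -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]($item.$ValueName)
}

function Get-NtAuthAuditEvents {
    param([int]$Days = $LookbackDays)
    $filter = @{
        LogName      = 'System'      # assumption
        ProviderName = $Provider
        Id           = 45
        StartTime    = (Get-Date).AddDays(-$Days)
    }
    # Get-WinEvent raises an error when nothing matches; treat that as no events.
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue
}

$modes = @{ 0 = 'NTAuth checks disabled'; 1 = 'audit mode'; 2 = 'enforcement mode' }
$mode  = Get-NtAuthBypassMode
if ($null -eq $mode)                { $modeText = 'value not set' }
elseif ($modes.ContainsKey($mode))  { $modeText = $modes[$mode] }
else                                { $modeText = 'unrecognized value' }

$events = @(Get-NtAuthAuditEvents)
"{0}: {1} = {2} ({3})" -f $env:COMPUTERNAME, $ValueName, $mode, $modeText
"Event ID 45 entries in the last {0} days: {1}" -f $LookbackDays, $events.Count

# Per-day counts show whether audit events are still occurring or have stopped.
$events | Group-Object { $_.TimeCreated.Date.ToString('yyyy-MM-dd') } |
    Sort-Object Name | Select-Object Name, Count | Format-Table -AutoSize

# Show the newest entries in full so the affected certificates can be reviewed.
$events | Select-Object -First 5 TimeCreated, Message | Format-List

if ($mode -ne 2 -and $events.Count -gt 0) {
    Write-Warning 'Audit events are still being logged; resolve them before setting the value to 2.'
}
```

Run it on each domain controller, since the registry value and the System log are local to each machine.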

The blog reader suspects a bug caused by an incomplete patch from June 2025 and suggests reviewing the Windows release health reports for further insights into related issues. Since then, August 2025 patches have been released that might address these concerns.

Third-party commentary on this topic highlights the challenge of rolling out security updates without breaking existing workflows or systems. A similar case involved a vulnerability affecting SSL/TLS connections, where the initial updates caused widespread connectivity issues until subsequent patches corrected the problem.
