
Microsoft’s April 2025 Patch Tuesday Updates
In a timely release today, Microsoft has rolled out its Patch Tuesday updates for April 2025. Users of Windows 10 will find updates labeled KB5055518, KB5055519, and KB5055521, while Windows 11 users should look for KB5055523 and KB5055528.
Status of Windows 10 Updates
Interestingly, Microsoft has confirmed that there are no known issues with the latest version of Windows 10, a noteworthy point given the complexities often involved in such updates.
Improvements in Windows 11
The recent updates for Windows 11 fix a significant Kerberos authentication bug that had troubled users. The issue prevented machine account passwords from being changed correctly, so affected devices were erroneously treated as “stale, disabled, or deleted.”
Understanding the Bug
Normally, machine account password rotation occurs automatically at defined intervals, with 30 days being the default period. Because of this bug, however, machine accounts that rely on Credential Guard were unable to rotate their passwords as intended. The Credential Guard feature enhances security by moving machine account credentials from the registry into the more secure Defender Credential Guard.
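To see which machine accounts have missed the 30-day rotation, an administrator can compare each account's password age against the interval. The following is an added example, not Microsoft's code; the function name `Find-OverdueMachinePassword`, the 7-day grace period and the sample records are assumptions made for illustration.

```powershell
# Added example (not Microsoft's code). Flags enabled computer accounts whose
# machine password is older than the rotation interval plus a grace period.
function Find-OverdueMachinePassword {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Computer,
        [int]$RotationDays = 30,   # default interval stated in the article
        [int]$GraceDays = 7,       # assumption: slack for devices that were offline
        [datetime]$Now = (Get-Date)
    )
    begin { $cutoff = $Now.AddDays(-($RotationDays + $GraceDays)) }
    process {
        if (-not $Computer.Enabled) { return }
        $set = $Computer.PasswordLastSet
        if (-not $set -or $set -ge $cutoff) { return }
        $logon = $Computer.LastLogonDate
        [pscustomobject]@{
            Name            = $Computer.Name
            PasswordLastSet = $set
            PasswordAgeDays = [int](($Now - $set).TotalDays)
            LastLogonDate   = $logon
            # Old password on a device that still logs on: rotation is not
            # happening. Old password and old logon: more likely just offline.
            RecentlyActive  = [bool]($logon -and $logon -ge $cutoff)
        }
    }
}

# Constructed sample records using the property names Get-ADComputer returns.
$now = Get-Date
$sample = @(
    [pscustomobject]@{ Name = 'WS-0001'; Enabled = $true;  PasswordLastSet = $now.AddDays(-12); LastLogonDate = $now.AddDays(-1) }
    [pscustomobject]@{ Name = 'WS-0002'; Enabled = $true;  PasswordLastSet = $now.AddDays(-64); LastLogonDate = $now.AddDays(-2) }
    [pscustomobject]@{ Name = 'WS-0003'; Enabled = $true;  PasswordLastSet = $now.AddDays(-90); LastLogonDate = $now.AddDays(-88) }
    [pscustomobject]@{ Name = 'WS-0004'; Enabled = $false; PasswordLastSet = $now.AddDays(-200); LastLogonDate = $null }
)
$sample | Find-OverdueMachinePassword -Now $now |
    Sort-Object PasswordAgeDays -Descending | Format-Table -AutoSize

# Against a live directory (requires the ActiveDirectory module; read-only query):
# Get-ADComputer -Filter 'Enabled -eq $true' -Properties PasswordLastSet, LastLogonDate |
#     Find-OverdueMachinePassword
```

Rows with `RecentlyActive` set to true are the ones to check for the missing update first. `LastLogonDate` is replicated with a delay, so treat it as approximate.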
Microsoft’s Explanation
After installing Windows 11, version 24H2, devices using the Identity Update Manager certificate/Public Key Cryptography for Initial Authentication (PKINIT) might experience an issue with passwords not rotating correctly, causing authentication failures. This issue occurs particularly when Kerberos Authentication is used and the Credential Guard feature is enabled. Note that machine certification using PKINIT path is a niche use case, and this issue affects a small number of devices in enterprise environments.
With this issue, devices fail to change their password every 30 days, as is expected, leading to user authentication problems as they are considered stale, disabled, or deleted.
Devices running Windows Home edition are not likely to exhibit this issue, as Kerberos authentication is predominantly utilized within enterprise settings and seldom applies to personal or home computer usage.
Note: The Machine Accounts feature within Credential Guard, which relies on password rotation via Kerberos, has been temporarily disabled until a permanent fix is released.
Resolution and Recommendations
Microsoft has announced that the issue related to Kerberos authentication has been successfully resolved:
This issue is resolved in the April 2025 Windows security update (KB5055523) and later updates. We recommend you install the latest update for your device as it includes critical improvements and resolutions, including this one.
Further Information
For detailed information regarding this issue, you can visit Microsoft’s official Windows health dashboard.
For additional insights and images related to this update, check out the article on Neowin.