check before: 2025-09-09
Product:
Windows, Windows Server
Platform:
Online, World tenant
Status:
Change type:
Admin impact
Links:
Details:
Windows updates released September 9, 2025 and later introduce security hardening changes to certificate mapping requirements in Windows Servers. This is the final milestone of a rollout that has gradually been taking place since 2023. IT administrators need to take action to ensure normal operations in accordance with the new certificate mapping criteria, and install the September 9, 2025 updates.
For full details, see KB5014754: Certificate-based authentication changes on Windows domain controllers.
When will this happen:
This change is effective immediately in Windows updates released September 9, 2025. Servers which run Active Directory Certificate Services, as well as Windows domain controllers that service certificate-based authentication, are now required to meet certain certificate mapping criteria in order for authentication operations to succeed. These changes address vulnerabilities discussed in CVE-2022-34691 and others.
Release Phase:
Created:
2025-09-10
updated:
2025-09-10
Direct effects for Operations**
Authentication Failures
If the new certificate mapping criteria are not met, authentication operations may be denied, leading to users being unable to access necessary resources.
- roles: IT Administrators, End Users
- references: https://support.microsoft.com/help/5014754, https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34691
Increased Support Tickets
Authentication issues may lead to a surge in support tickets, overwhelming IT support teams and delaying resolution times.
- roles: IT Support Staff, End Users
- references: https://support.microsoft.com/help/5014754, https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34691
Service Downtime
Failure to comply with the new certificate mapping requirements may result in service downtime for applications relying on certificate-based authentication.
- roles: Application Administrators, End Users
- references: https://support.microsoft.com/help/5014754, https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34691
User Experience Degradation
Users may experience delays or failures in accessing services, leading to frustration and decreased productivity.
- roles: End Users, IT Administrators
- references: https://support.microsoft.com/help/5014754, https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34691
Compliance Risks
Non-compliance with the new security requirements may expose the organization to security vulnerabilities and regulatory penalties.
- roles: Compliance Officers, IT Administrators
- references: https://support.microsoft.com/help/5014754, https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34691
Opportunities**
Enhanced Security Protocols
Implementing the new certificate mapping requirements will enhance security by preventing vulnerabilities associated with certificate emulation and spoofing. This will lead to a more secure authentication process across the organization, reducing the risk of unauthorized access.
- next-steps: Conduct a security audit to assess current certificate mapping practices and identify necessary changes. Provide training for IT staff on the new requirements and update relevant documentation.
- roles: IT Administrators, Security Officers, Network Engineers
- references: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34691, https://support.microsoft.com/help/5014754
Streamlined IT Operations
By adhering to the new certificate mapping criteria, IT administrators can streamline operations by reducing the number of authentication failures and troubleshooting instances caused by outdated or incorrect certificate mappings.
- next-steps: Develop a checklist for compliance with the new certificate mapping criteria and integrate it into regular IT operational procedures. Monitor authentication logs to identify and resolve issues proactively.
- roles: IT Administrators, Help Desk Staff, System Administrators
- references: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34691, https://support.microsoft.com/help/5014754
User Experience Improvement
With stronger certificate mapping, users will experience fewer authentication issues, leading to a smoother login process and improved overall satisfaction with IT services.
- next-steps: Gather user feedback on authentication experiences post-update and adjust IT support resources to address any new concerns. Communicate changes to users to enhance understanding and compliance.
- roles: End Users, IT Support Staff, Training Coordinators
- references: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34691, https://support.microsoft.com/help/5014754
** AI generated content. This information must be reviewed before use.