Microsoft confirms Windows update NTLM and Kerberos authentication issues.
SOPA Images/LightRocket via Getty Images
Hot on the heels of the NSA publishing a “high-risk of compromise” alert for Microsoft Exchange server users, and the CVE-2025-9491 Windows vulnerability being exploited by attackers with no patch available, comes more bad news. Microsoft has confirmed another Windows update issue, this time impacting Windows 11 and Windows Server users, that leads to the repeated prompting for authentication credentials, the failure of valid credentials, and remote desktop connections. Here’s what you need to know and do.
ForbesMicrosoft Confirms Free Windows 10 Security Updates — How To Get ThemBy Davey WinderMicrosoft Confirms Some Users Might Experience Authentication Failures After Windows 11 And Server Updates
Microsoft is continually evolving the security protections available to users of the Windows operating systems, as evidenced in the recent announcement of new functionality to help keep admin users safe from malicious applications and actors threatening accounts. Sometimes, these updates can cause issues, even through they are ultimately there to enhance security rather than make your life miserable for no reason. Such would appear to be the case with the latest confirmation from Microsoft that “added security protections that enforce checks on Security IDs” put into place with Windows 11 and Server updates “released on and after August 29,” could be causing authentication failures for some users.
Microsoft Support posting KB5070568 explained that users “might experience Kerberos and New Technology LAN Manager authentication failures across devices that have duplicate Security IDs.”These NTLM and SID issues are impacting users of Windows 11, version 24H2, Windows 11, version 25H2, and Windows Server 2025 following the August 29 update.
ForbesNew Proton Research Exposes 300 Million Stolen CredentialsBy Davey Winder
This is caused by those aforementioned security protections, which, Microsoft confirmed, “enforce checks on SIDs, causing authentication to fail when devices have duplicate SIDs.” This is a good thing. Such duplicate SIDs are often created when performing “unsupported cloning or duplication of a Windows installation without running Sysprep.” SID uniqueness, enabled by Sysprep, is now a mandatory requirement for those Windows versions post-update. Without the new enforcements, it was possible for an unauthorized user to potentially get access to restricted files that were accessible on the duplicated SID system.
“This design change blocks authentication handshakes between such devices,” Microsoft said, adding that “devices containing duplicate SIDs will need to be rebuilt using supported methods for cloning or duplicating a Windows installation so that they have unique SIDs.”
ForbesLinkedIn DM Attack Warning — What Users Need To KnowBy Davey Winder