Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Watchlists Beta Browse News Feed Stats About Contact

Microsoft Windows updates break authentication on systems with duplicate SIDs

Service Disruption
First reported
Last updated
Happening score
H score 0
1 unique sources, 1 articles

Summary

Hide ▲

Microsoft Windows updates released since August 29, 2025 are breaking Kerberos and NTLM authentication on systems with duplicate SIDs, disrupting Remote Desktop access and causing login failures on Windows 11 24H2, Windows 11 25H2, and Windows Server 2025. The change blocks authentication handshakes between cloned devices that share the same Security Identifier. Administrators are being told to rebuild affected systems with supported imaging methods or use a temporary Group Policy workaround.

Related Happenings

Microsoft Windows Server 2025 and Windows 11 23H2 BitLocker recovery fix

Security Patch Release
H score15 First: 11.06.2026 11:44 Last: 11.06.2026 11:44 Sources 1

About this happening: Microsoft shipped **KB5094125** for **Windows Server 2025** and **KB5093998** for **Windows 11 23H2** to fix a **BitLocker recovery** bug tied to the **April 2026 security update*...

Open Happening

Microsoft BitLocker recovery prompt workaround

Advisory/Mitigation
H score25 First: 09.06.2026 21:35 Last: 09.06.2026 21:35 Sources 1

About this happening: Microsoft issued a **temporary workaround** for **BitLocker recovery prompts** on some **Windows** systems after recent updates. The issue affects devices configured with a **BitL...

Open Happening

Microsoft My Sign-Ins MFA outage

Service Disruption
H score25 First: 01.06.2026 14:40 Last: 01.06.2026 14:40 Sources 1

About this happening: **Microsoft** is dealing with an **ongoing outage** that is blocking some users from setting up **multi-factor authentication (MFA)** and accessing **My Sign-Ins**. Affected users...

Open Happening

Microsoft Windows Server 2016 domain controller discovery failure after KB5087537

Service Disruption
H score0 First: 26.05.2026 10:41 Last: 26.05.2026 10:41 Sources 1

About this happening: Microsoft confirmed a **known issue** in **Windows Server 2016** after **KB5087537** that can prevent **domain controller discovery**, disrupting administrative operations and app...

Open Happening

Windows 10 KB5087544 extended security update

Security Patch Release
H score15 First: 12.05.2026 21:58 Last: 12.05.2026 21:58 Sources 1

About this happening: **Microsoft** released **Windows 10 KB5087544** for **Windows 10 ESU/LTSC systems**, addressing **May 2026 Patch Tuesday vulnerabilities** and a **Remote Desktop warnings** issue....

Open Happening

Timeline

  1. 21.10.2025 19:56 1 articles · 7mo ago

    Windows updates add SID checks that block duplicate-SID authentication

    Mitigation Patch Update

    Windows updates released on and after August 29, 2025 add security protections that enforce checks on Security Identifiers, blocking authentication handshakes when cloned Windows installations share duplicate SIDs and were not prepared for imaging with Sysprep.

    Show sources
    Open in new tab
  2. 21.10.2025 19:56 2 articles · 7mo ago

    Microsoft confirms duplicate-SID authentication failures and gives workarounds

    Initial Disclosure

    Microsoft confirmed in a support document published on Tuesday that Kerberos and NTLM authentication can fail across devices with duplicate SIDs, producing failed logins, access denied errors, SEC_E_NO_CREDENTIALS entries, and broken Remote Desktop connections on Windows 11 24H2, Windows 11 25H2, and Windows Server 2025. Administrators are told to rebuild duplicated systems with supported cloning methods or temporarily install and configure a special Group Policy obtained through Microsoft Support for business.

    Show sources
    Open in new tab