Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

Microsoft Windows updates break authentication on systems with duplicate SIDs

Service Disruption
First reported
Last updated
Happening score
H score 0
1 unique sources, 1 articles

Summary

Hide ▲

Microsoft Windows updates released since August 29, 2025 are breaking Kerberos and NTLM authentication on systems with duplicate SIDs, disrupting Remote Desktop access and causing login failures on Windows 11 24H2, Windows 11 25H2, and Windows Server 2025. The change blocks authentication handshakes between cloned devices that share the same Security Identifier. Administrators are being told to rebuild affected systems with supported imaging methods or use a temporary Group Policy workaround.

Related Happenings

Microsoft Windows Server 2016 domain controller discovery failure after KB5087537

Service Disruption
First: 26.05.2026 10:41 Last: 26.05.2026 10:41 Sources 1

About this happening: Microsoft confirmed a **known issue** in **Windows Server 2016** after **KB5087537** that can prevent **domain controller discovery**, disrupting administrative operations and app...

Open Happening

Windows 10 KB5087544 extended security update

Security Patch Release
First: 12.05.2026 21:58 Last: 12.05.2026 21:58 Sources 1

About this happening: **Microsoft** released **Windows 10 KB5087544** for **Windows 10 ESU/LTSC systems**, addressing **May 2026 Patch Tuesday vulnerabilities** and a **Remote Desktop warnings** issue....

Open Happening

Microsoft security patch release for CVE-2023-43896

Security Patch Release
First: 04.05.2026 13:40 Last: 04.05.2026 13:40 Sources 1

About this happening: **Microsoft**'s **April 2026 Windows security updates** are blocking **psmounterex.sys**, which can break third-party backup apps on **Windows 10**, **Windows 11**, and **Windows...

Open Happening

Microsoft Defender false-positively flags DigiCert root certificates and removes some from Windows trust store

Security Tool/Service
First: 03.05.2026 21:11 Last: 03.05.2026 21:11 Sources 1

About this happening: **Microsoft Defender** began falsely flagging valid **DigiCert root certificates** as **Trojan:Win32/Cerdigent.A!dha**, creating widespread false positives and risking certificate...

Open Happening

Microsoft out-of-band security update for ASP.NET Core Data Protection (CVE-2026-40372)

Security Patch Release
First: 22.04.2026 11:08 Last: 22.04.2026 11:08 Sources 1

About this happening: **Microsoft** released **out-of-band security updates** for **CVE-2026-40372**, an **ASP.NET Core Data Protection** flaw that could let attackers forge authentication cookies and...

Open Happening

Timeline

  1. 21.10.2025 19:56 1 articles · 7mo ago

    Windows updates add SID checks that block duplicate-SID authentication

    Mitigation Patch Update

    Windows updates released on and after August 29, 2025 add security protections that enforce checks on Security Identifiers, blocking authentication handshakes when cloned Windows installations share duplicate SIDs and were not prepared for imaging with Sysprep.

    Show sources
    Open in new tab
  2. 21.10.2025 19:56 2 articles · 7mo ago

    Microsoft confirms duplicate-SID authentication failures and gives workarounds

    Initial Disclosure

    Microsoft confirmed in a support document published on Tuesday that Kerberos and NTLM authentication can fail across devices with duplicate SIDs, producing failed logins, access denied errors, SEC_E_NO_CREDENTIALS entries, and broken Remote Desktop connections on Windows 11 24H2, Windows 11 25H2, and Windows Server 2025. Administrators are told to rebuild duplicated systems with supported cloning methods or temporarily install and configure a special Group Policy obtained through Microsoft Support for business.

    Show sources
    Open in new tab