Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

Windows duplicate SID authentication failures mitigation guidance

Advisory/Mitigation
First reported
Last updated
Happening score
H score 14
1 unique sources, 1 articles

Summary

Hide ▲

Microsoft issued remediation guidance for Windows systems with duplicate SIDs, after updates released since August 29, 2025 started breaking Kerberos and NTLM authentication. The issue affects Windows 11 24H2, Windows 11 25H2, and Windows Server 2025, causing login failures, Remote Desktop problems, and access denied errors. Microsoft says admins should rebuild affected systems or apply a temporary Group Policy workaround to restore authentication.

Related Happenings

Microsoft Windows Server 2016 domain controller discovery failure after KB5087537

Service Disruption
First: 26.05.2026 10:41 Last: 26.05.2026 10:41 Sources 1

About this happening: Microsoft confirmed a **known issue** in **Windows Server 2016** after **KB5087537** that can prevent **domain controller discovery**, disrupting administrative operations and app...

Open Happening

Microsoft Windows Update restricted-network download failure

Service Disruption
First: 19.05.2026 14:22 Last: 19.05.2026 14:22 Sources 1

About this happening: Microsoft's **Windows Update** is failing in **restricted network environments** after the **January 2026 optional non-security preview updates**, leaving affected systems unable...

Open Happening

Windows cldflt.sys MiniPlasma privilege escalation zero-day privilege-escalation flaw

Vulnerability
First: 18.05.2026 07:59 Last: 18.05.2026 07:59 Sources 1

About this happening: **MiniPlasma** is a **Windows privilege-escalation zero-day** in **cldflt.sys** that can give attackers **SYSTEM** privileges on **fully patched Windows systems**. The flaw affect...

Open Happening

Windows 11 25H2 BitLocker recovery fix (KB5089549)

Security Patch Release
First: 13.05.2026 18:42 Last: 13.05.2026 18:42 Sources 1

About this happening: Microsoft shipped **KB5089549** for **Windows 11 25H2** to fix a **BitLocker Recovery** problem that could trap devices after the **April 2026 security updates**. The issue involv...

Open Happening

Windows Netlogon stack-based buffer overflow security flaw (CVE-2026-41089)

Vulnerability
First: 13.05.2026 11:15 Last: 13.05.2026 11:15 Sources 1

About this happening: Microsoft’s **May Patch Tuesday** fixed **CVE-2026-41089**, a **critical** stack-based buffer overflow in **Windows Netlogon** that could let attackers gain **system privileges**...

Open Happening

Timeline

  1. 21.10.2025 19:56 1 articles · 7mo ago

    Windows updates enforce SID checks on duplicate-SID systems

    Technical Analysis Update

    Windows updates released on and after August 29, 2025 add security protections that enforce checks on Security Identifiers (SIDs), causing Kerberos and NTLM authentication to fail when devices have duplicate SIDs and disrupting remote desktop connections, login attempts, and access to network resources on Windows 11 24H2, Windows 11 25H2, and Windows Server 2025.

    Show sources
    Open in new tab
  2. 21.10.2025 19:56 2 articles · 7mo ago

    Microsoft confirms duplicate-SID authentication failures and mitigation guidance

    Initial Disclosure

    Microsoft’s support document confirms Kerberos and NTLM authentication failures on devices with duplicate SIDs, identifies cloning or duplicating a Windows installation without Sysprep as a cause, and advises IT administrators to rebuild affected systems using supported cloning methods or temporarily install a special Group Policy obtained through Microsoft Support for business.

    Show sources
    Open in new tab