Microsoft originally planned to release the third phase of the Kerberos patch during the Patch Tuesday event in April. However, Microsoft has now announced that it will be postponed to June 13, 2023.
The Kerberos patch for Windows 11 was deployed in Phase 1 in November and Phase 2 in December. According to the latest official news from Microsoft, the deployment of Phase 3 will be postponed until June.
The Kerberos authentication problem encountered by Win10 and Win11 devices this time occurred after installing the cumulative update released on the November Patch Tuesday event day this year, resulting in domain user login failures, domain user remote desktop connection failures, and printing may require domain user certification.
The official explanation is translated as follows:
Each stage increases the default minimum value of security hardening changes for CVE-2022-37967, with incremental increases to reduce the impact of this vulnerability on the environment.
Previously it was possible to disable adding PAC signatures by setting the KrbtgtFullPacSignature subkey to 0. The third-stage patch for Kerberos disables this, forcing the KrbtgtFullPacSignature subkey to have a value of 1.
