Microsoft is engaged on a repair for a bug it launched with the most recent Patch Tuesday cumulative updates.
In a safety advisory revealed earlier this week, the tech large mentioned that putting in the April 11 cumulative updates, KB5025224 and KB5025239, breaks a function often known as Home windows Native Administrator Password Answer (LAPS).
Though it is not in the identical league as the very best password supervisor, this function does assist directors handle passwords for native admin accounts on Azure Energetic Listing-joined, or Home windows Server Energetic Listing-joined units, by rotating and backing them as much as AD area controllers mechanically, BleepingComputer experiences.
Workaround obtainable
This month, the Patch Tuesday replace contains the mixing of Home windows LAPS on Home windows 10, Home windows 11, and Home windows Server 2019. However making use of the patch breaks each legacy LAPS and new LAPS.
“There’s a legacy LAPS interop bug within the [..] April 11, 2023 replace. If you happen to set up the legacy LAPS GPO CSE on a machine patched with the April 11, 2023 safety replace and an utilized legacy LAPS coverage, each Home windows LAPS and legacy LAPS will break,” Microsoft mentioned. “Signs embody Home windows LAPS occasion log IDs 10031 and 10032, in addition to legacy LAPS occasion ID 6. Microsoft is engaged on a repair for this situation.”
A patch continues to be within the works, so the one method to handle the difficulty is through a workaround. In response to Microsoft, admins can both uninstall legacy LAPS or delete all registry values underneath the HKLMSoftwareMicrosoftWindowsCurrentVersionLAPSState registry key.
LAPS will now develop into native to Home windows and shall be up to date by means of the usual Home windows replace course of, Microsoft confirmed.
“Beginning with the April 11, 2023 safety replace, LAPS is natively built-in into Home windows with new capabilities for on-premises AD situations and forthcoming Azure Energetic Listing advantages (at present in non-public preview),” the advisory reads.
“A few of the new options embody wealthy coverage administration, automated rotation, devoted occasion log, new PowerShell module, hybrid-joined help, and extra.”
By way of: BleepingComputer (opens in new tab)