Friday, May 24, 2024

Microsoft Windows 11 loses access to certificate private keys


Apparently, there is a bug in the handling of certificates in Windows 11, which many companies are currently switching to. Many organizations use certificate-based authentication to access networks or resources within them. Especially when connecting from insecure networks, using a VPN is common practice nowadays.

Like its predecessors, Windows 11 offers two certificate stores for such VPN certificates: a computer certificate store and a user certificate store. In addition to trusted root or intermediate certificate authorities, these stores also hold your own certificates.

The problem is that, according to reports from some administrators, after the user password is changed in Active Directory and the machine is then rebooted, the user's own certificates in the user certificate store can no longer be accessed. Only a new import helped in some cases. Even a private key marked as exportable could not be accessed.

Based on current knowledge, the error only appears with Active Directory clients in combination with specially imported user certificates. Standalone PCs without domain integration do not appear to be affected.
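To confirm the symptom on a client, an administrator can probe each certificate in the current user's personal store with a test signature. The script below is an added example, not taken from the article or from Microsoft; it assumes that a test signature is an acceptable probe, so keys restricted to decryption or protected by a PIN prompt may be reported as failures.

```powershell
# Added example (not from the article): report certificates in the current
# user's personal store whose private key can no longer be used.
# Assumption: signing a few constructed bytes is an acceptable probe.
$x509ns = 'System.Security.Cryptography.X509Certificates'
$data   = [System.Text.Encoding]::UTF8.GetBytes('private key probe')  # constructed sample input
$sha256 = [System.Security.Cryptography.HashAlgorithmName]::SHA256
$pkcs1  = [System.Security.Cryptography.RSASignaturePadding]::Pkcs1

$results = foreach ($cert in Get-ChildItem -Path Cert:\CurrentUser\My) {
    # Skip entries that never had a private key attached.
    if (-not $cert.HasPrivateKey) { continue }

    $status = 'OK'
    $detail = ''
    $key    = $null
    try {
        # Both helpers return $null when the certificate uses another algorithm.
        $key = ($x509ns + '.RSACertificateExtensions' -as [type])::GetRSAPrivateKey($cert)
        if ($key) {
            $null = $key.SignData($data, $sha256, $pkcs1)
        } else {
            $key = ($x509ns + '.ECDsaCertificateExtensions' -as [type])::GetECDsaPrivateKey($cert)
            if ($key) {
                $null = $key.SignData($data, $sha256)
            } else {
                $status = 'SKIPPED'
                $detail = 'Key algorithm not probed by this script'
            }
        }
    } catch {
        # Opening or using the key failed: the store still lists the
        # certificate, but its private key is not accessible.
        $status = 'FAILED'
        $detail = $_.Exception.Message
    } finally {
        if ($key) { $key.Dispose() }
    }

    [pscustomobject]@{
        Subject    = $cert.Subject
        Thumbprint = $cert.Thumbprint
        NotAfter   = $cert.NotAfter
        KeyStatus  = $status
        Detail     = $detail
    }
}

$results | Format-Table -AutoSize -Wrap
```

Run it in the affected user's own session, since the user certificate store is per user.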

Especially in times of the pandemic, this behavior is leading to massive problems when using certificate-based VPNs, but also in WLAN and LAN networks authenticated with user certificates. Applications with certificate-based client authentication are also affected. According to forum posts, the first admins are already calling off their Win 11 rollout because of the issue.

iX asked Microsoft for a statement, but only received information on May 5 that the manufacturer was “in the process of looking at the issue more closely.” Apparently the search for the cause is ongoing, especially since the error only occurs if the client, for example in the home office, has no connection to the AD immediately after changing the password (as of May 9, 2022 at 2 pm).

[Update: 09.05.2022 – 14:50] A previous version of this report stated that a patch already exists for the problem described. Apparently that’s not the case yet.

Ebenezer Robbins