Core Points - Microsoft will officially stop technical support for two specific registry keys in Windows domain controllers starting from September 9, 2024, as part of its "Patch Tuesday" updates [1][3] - This decision aims to address multiple high-risk vulnerabilities related to the Kerberos authentication protocol that were disclosed previously [3] Vulnerabilities Details - The adjustments involve three vulnerabilities identified as CVE-2022-34691, CVE-2022-26931, and CVE-2022-26923, all associated with the Kerberos authentication protocol used in Windows domain controllers [3] - Kerberos is the core authentication mechanism for Windows Active Directory, and if exploited, attackers could bypass authentication processes to gain domain administrator privileges or forge tickets for lateral movement [3] - Microsoft had released patches for these vulnerabilities in August 2022 but retained temporary support for certain registry keys to maintain compatibility with older systems [3] Recommendations and Implications - Following the disclosure of these vulnerabilities in 2022, Microsoft advised enterprises to disable the affected features to mitigate risks, although some legacy systems still relied on these registry keys [3] - With the upcoming update on September 9, the related configurations will no longer be effective, and systems will be required to use Kerberos implementations that meet the latest security standards [3]