Patch Tuesday March 2015 – Problems with KB3002675

Microsoft-LogoMicrosoft patch KB3002675 (MS15-027) is intended to prevent an attacker from impersonating other users via a vulnerability in NETLOGON.  But in doing so, it breaks NTLM authentication for some people making this an especially risky install on a domain controller.  People have reported authentication issues with SMB shares,  EMC Isilon clusters, Outlook, SharePoint, McAfee EPO, monitoring tools such as PRTG.

Simply doing a second reboot after this patch is applied has resolved issues for some, including for a couple of our own servers.  But for the rest, only uninstalling that patch will fix the issues.

With other recent patch issues including reported problems with KB3033929 and KB3033395,  it seems to me that Microsoft’s quality control on their patches has slipped since Satya Nadella took over.