[German]Security researchers have disclosed the Blast RADIUS vulnerability. In this context, Microsoft has released security updates for its Windows systems. I have now received a user report that certain Radius authentications no longer work after installing the July 2024 updates. Here is an overview and the question of whether this is an isolated case or whether there are other cases.
Advertising
The Blast RADIUS vulnerability
Recently, security researchers discovered the vulnerability CVE-2024-3596 in the RADIUS network protocol. The vulnerability makes it possible to log into a network using the RADIUS network authentication protocol without further authentication. The vulnerability, called Blast-RADIUS, could jeopardize network security in companies because RADIUS network authentication can be circumvented.
Exploitation of this vulnerability is currently considered unlikely (the effort involved is still quite high). But Microsoft has provided the Windows versions still in support with security updates as of July 9, 2024 to mitigate the Blast RADIUS vulnerability. I addressed this topic in the blog post Blast RADIUS attack enables RADIUS authentication to be bypassed.
Problems with RADIUS authentication after updates
Daniel contacted me by email on July 12, 2024 because he had encountered problems in his company environment. He writes that the Microsoft update probably causes even more problems [than have been mentioned in various blog posts]. Regarding the emerging Radius issue, the update destroys Radius authentications.
Daniel describes that in his case it is the login to the Checkpoint Smartconsole, which is required to manage the Checkpoint products. In the reader's company environment, the login authentication was implemented using Windows Radius Server (NPS).
Since the installation of the July 2024 Windows update, this login no longer works. However, according to blog readers, the event log shows that the Radius server accepts the Checkpoint request and responds positively, i.e. grants access.
Advertising
A user has written in the Checkpoint forum that he has already opened a ticket. There is also a workaround, which can be found in the official Microsoft article:
This configuration enables NPS Proxy to drop potentially vulnerable response messages without the Message-Authenticator attribute. To add an exception to exclude a server from requireauthmsg validation, run the following command:
netsh nps set requiremsgauth remoteservergroup = <remote server group name> address = <server address> exception = "yes"
However, the reader has not yet activated this function, so the Radius server should not reject anything. Daniel concluded his email with the following note: "Perhaps our problem is reason enough to ask blog readers whether they have had problems with Windows Radius servers and third-party devices in general since the Windows update.
Similar articles:
Microsoft Security Update Summary (July 9, 2024)
Patchday: Windows 10/Server Updates (July 9, 2024)
Patchday: Windows 11/Server 2022-Updates (July 9, 2024)
Windows Server 2012 / R2 und Windows 7 (July 9, 2024)
Microsoft Office Updates (July 9, 2024)
Windows 10/11 updates (e.g. KB5040442) trigger Bitlocker queries (July 2024)
Windows July 2024 updates break remote connections
Windows 11 update KB5040442 causes issues with Outlook 2021
July 2024 security update KB5040427 crashes Windows 10/Server LPD printing service
Blast RADIUS attack enables RADIUS authentication to be bypassed
Advertising
Seit Juli Update haben wir ebenfalls Probleme mit WLAN Logins. Eine Verbindung mit einigen der SSIDs schlägt fehl ( Keine Verbindung mit diesem Netzwerk möglich ). Wir benutzen ebenfalls Radius. Wir sind noch in der Analyse, es scheint aktuell einer der beiden Server betroffen.
try to remove the July updates from the Radius server.
for us, it worked.