Reminder: The Third deployment phase for CVE-2022-37967 starts with updates released April 11, 2023
Security hardening changes needed on Domain Controllers in IT environments to address CVE-2022-37967 will enter the Third deployment phase with the release of updates on April 11, 2023, as outlined in KB5020805: How to manage Kerberos protocol changes related to CVE-2022-37967. Each phase raises the default minimum for the security hardening changes for CVE-2022-37967 and your environment must be compliant before installing updates for each phase onto your Domain Controller.
If you are using the workaround to disable PAC signature addition by setting the KrbtgtFullPacSignature subkey to a value of 0, you will no longer be able to use this workaround after installing updates released April 11, 2023. Your apps and environment will need to at least be compliant with KrbtgtFullPacSignature subkey to a value of 1 to install these updates on your Domain Controllers…
