Hello, this is Matthew Palko, senior product management lead in Enterprise & Security, and today I have some information to share about the new changes to strong certificate mapping in Active Directo...
We found one important thing in our ADCS environment. A certificate created from an offline template (supply in the request) is also showing the newly introduced OID attribute, and the user/account's SID is incorporated in the certificate. How is this possible, or am I missing something?
Note: in the M/S article https://support.microsoft.com/en-us/topic/kb5014754-certificate-based-authentication-changes-on-windows-domain-controllers-ad2c23b0-15d8-4340-a468-4d4f3b188f16#bkmk_kdcregkey&articleFooterSupportBridge=communityBridge , it was mentioned that "Certificate Authority (CA) [https://social.technet.microsoft.com/wiki/contents/articles/53249.active-directory-certificate-services-enterprise-ca-architecture.aspx] will start adding a new non-critical extension with Object Identifier (OID) (1.3.6.1.4.1.311.25.2) by default in all the certificates issued against online templates after you install the May 10, 2022 Windows update."
Or is this statement not relevant at all? The OID attribute has been incorporated with all types of certificate templates in ADCS. Also, one doubt is whether this KB article/vulnerability is true for those certificates which have been issued from any third-party CA, for any organization where there is no link for the third-party CA to get user/computer SID info for that requested user/computer account.
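To see for yourself which SID a given certificate carries in the new extension (for example on a certificate issued from an offline template), the following added example decodes the extension's DER value. It is not code from the original post, from Microsoft or from the KB; the sample SID and the helper names are constructed for illustration.

```python
# Added example, not Microsoft's or the original poster's code: decode the SID
# extension (OID 1.3.6.1.4.1.311.25.2) that KB5014754 describes, so an admin can
# see which account SID a certificate carries. DER layout: SEQUENCE { [0] OtherName
# { OID 1.3.6.1.4.1.311.25.2.1, [0] { OCTET STRING "S-1-5-..." } } }. Sample SID is constructed.

SID_EXT_OID = "1.3.6.1.4.1.311.25.2"                # extension OID (for lookup)
SID_OTHERNAME_OID_DER = bytes.fromhex("060a2b060104018237190201")  # 1.3.6.1.4.1.311.25.2.1

def _tlv(buf, pos):
    """Return (tag, contents, next_pos) for the DER TLV starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: next n bytes hold the length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length

def sid_from_extension(ext_value):
    """Return the SID string inside a szOID_NTDS_CA_SECURITY_EXT value, or None."""
    tag, names, _ = _tlv(ext_value, 0)
    if tag != 0x30:                        # outer SEQUENCE OF GeneralName
        return None
    pos = 0
    while pos < len(names):
        tag, other_name, pos = _tlv(names, pos)
        if tag != 0xA0:                    # only OtherName ([0] constructed) matters
            continue
        tag, oid_raw, p = _tlv(other_name, 0)
        if tag != 0x06 or oid_raw != SID_OTHERNAME_OID_DER[2:]:
            continue                       # some other OtherName type
        _, inner, _ = _tlv(other_name, p)  # [0] EXPLICIT wrapper around the value
        tag, sid_raw, _ = _tlv(inner, 0)
        if tag == 0x04:                    # OCTET STRING holding the ASCII SID
            return sid_raw.decode("ascii")
    return None

def _der(tag, content):
    """Minimal DER encoder; short-form length suffices for a SID extension."""
    return bytes([tag, len(content)]) + content

def build_sample_extension(sid):
    """Constructed test data laid out exactly like the CA's extension."""
    value = _der(0xA0, _der(0x04, sid.encode("ascii")))
    return _der(0x30, _der(0xA0, SID_OTHERNAME_OID_DER + value))

if __name__ == "__main__":
    # With the `cryptography` package the bytes would come from
    # cert.extensions.get_extension_for_oid(x509.ObjectIdentifier(SID_EXT_OID)).value.value
    sample = build_sample_extension("S-1-5-21-1234567890-1234567890-1234567890-1105")
    print(sid_from_extension(sample))   # compare against the account's objectSid
```

Comparing the decoded value with the requesting account's objectSid is the check that matters: a certificate whose embedded SID does not belong to the account presenting it should be rejected under strong mapping.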