We are aware that after applying the latest Microsoft Windows security update/patch for 'CVE-2022-21907,' which was released on January 11th, 2022, customers using Blue Prism with Windows Authentication have reported that Blue Prism Interactive Clients/Runtimes are triggering an additional prompt for credentials; however, when these credentials are entered, it is resulting in the below error:
- Windows Authentication connection modes: 'SOAP security negotiation with 'http://XXXXXXXX:8199/bpserver' for target 'http://XXXXXXXXX:8199/bpserver' failed. See inner exception for more details. ---> System.ComponentModel.Win32Exception: Either the client credential was invalid or there was an error collecting the client credentials by the SSP'
While the issue looks to be impacting customers using the 'Windows Authentication' connections to the Application Server on BP v6.3.0 through v6.10.4 and BP v7.0.1, further investigation is still underway to test all versions of Blue Prism. Therefore, this information could change. We are actively investigating this with our Product/Development teams with an urgent priority.
Please refer to this KB Article for more information. For any follow-up questions, please open a Support ticket.
An update regarding the latest Microsoft Windows security update/patch for 'CVE-2022-21907' (11-Jan 2022).
Blue Prism has released a solution/fix for this issue and is detailed in the following KB article on our Support Portal:
We highly encourage that you speak to your IT team for assistance in applying this fix/solution, and that you first test this solution in a non-production environment.
The latest article update provides details about the issue, investigation and solution. Please also check the additional information in the article after solution section, including guidance for customers with complex environments.
Head of Customer Support (Americas)