Microsoft released Windows 10 Cumulative Update with urgent Kerberos fix
Microsoft has released more out-of-band updates for Windows 10 for a security vulnerability in Kerberos authentication that could let a hacker bypass authentication.
Microsoft had released the fix for Windows 10 1809 a few days ago, and today’s update releases the same fix for Windows 10 20H2, 2004, 1909, 1903, and 1607.
The changelog reads:
- Addresses issues with Kerberos authentication related to the PerformTicketSignature registry subkey value in CVE-2020-17049, which was a part of the November 10, 2020 Windows update. The following issues might occur on writable and read-only domain controllers (DC):
  - Kerberos service tickets and ticket-granting tickets (TGT) might not renew for non-Windows Kerberos clients when PerformTicketSignature is set to 1 (the default).
  - Service for User (S4U) scenarios, such as scheduled tasks, clustering, and services for line-of-business applications, might fail for all clients when PerformTicketSignature is set to 0.
  - S4UProxy delegation fails during ticket referral in cross-domain scenarios if DCs in intermediate domains are inconsistently updated and PerformTicketSignature is set to 1.
The fix is currently only available from the Update Catalogue, with the links below:
- KB4594440: 20H2 / 2004 (Update Catalog)
- KB4594443: 1909 / 1903 (Update Catalog)
- KB4594441: 1607 (Update Catalog)
via Neowin