Microsoft has released more Out of Band Updates for Windows 10 for a security vulnerability in Kerberos authentication which could let a hacker bypass authentication.

Microsoft had released the fix for Windows 10 1809 a few days ago, and today’s update releases the same fix for Windows 10 20H2, 2004, 1909, 1903, and 1607.

The changelog reads:

  • Addresses issues with Kerberos authentication related to the PerformTicketSignature registry subkey value in CVE-2020-17049, which was a part of the November 10, 2020 Windows update. The following issues might occur on writable and read-only domain controllers (DC):
    • Kerberos service tickets and ticket-granting tickets (TGT) might not renew for non-Windows Kerberos clients when PerformTicketSignature is set to 1 (the default).
    • Service for User (S4U) scenarios, such as scheduled tasks, clustering, and services for line-of-business applications, might fail for all clients when PerformTicketSignature is set to 0.
    • S4UProxy delegation fails during ticket referral in cross-domain scenarios if DCs in intermediate domains are inconsistently updated and PerformTicketSignature is set to 1.

The fix is currently only available from the Update Catalogue, with the links below:

via Neowin

Comments