Microsoft has released more out-of-band updates for Windows 10 for a security vulnerability in Kerberos authentication that could let a hacker bypass authentication.
Microsoft had released the fix for Windows 10 1809 a few days ago, and today’s update releases the same fix for Windows 10 20H2, 2004, 1909, 1903, and 1607.
The changelog reads:
- Addresses issues with Kerberos authentication related to the PerformTicketSignature registry subkey value in CVE-2020-17049, which was a part of the November 10, 2020 Windows update. The following issues might occur on writable and read-only domain controllers (DC):
  - Kerberos service tickets and ticket-granting tickets (TGT) might not renew for non-Windows Kerberos clients when PerformTicketSignature is set to 1 (the default).
  - Service for User (S4U) scenarios, such as scheduled tasks, clustering, and services for line-of-business applications, might fail for all clients when PerformTicketSignature is set to 0.
  - S4UProxy delegation fails during ticket referral in cross-domain scenarios if DCs in intermediate domains are inconsistently updated and PerformTicketSignature is set to 1.
The fix is currently only available from the Update Catalog, with the links below:
- KB4594440 20H2 / 2004 Update Catalog
- KB4594443 1909 / 1903 Update Catalog
- KB4594441 1607 Update Catalog