Microsoft released Windows 10 Cumulative Update with urgent Kerberos fix

Reading time icon 1 min. read


Readers help support MSPoweruser. When you make a purchase using links on our site, we may earn an affiliate commission. Tooltip Icon

Read the affiliate disclosure page to find out how can you help MSPoweruser effortlessly and without spending any money. Read more

Microsoft Windows 10

Microsoft has released more Out of Band Updates for Windows 10 for a security vulnerability in Kerberos authentication which could let a hacker bypass authentication.

Microsoft had released the fix for Windows 10 1809 a few days ago, and today’s update releases the same fix for Windows 10 20H2, 2004, 1909, 1903, and 1607.

The changelog reads:

  • Addresses issues with Kerberos authentication related to the PerformTicketSignature registry subkey value in CVE-2020-17049, which was a part of the November 10, 2020 Windows update. The following issues might occur on writable and read-only domain controllers (DC):
    • Kerberos service tickets and ticket-granting tickets (TGT) might not renew for non-Windows Kerberos clients when PerformTicketSignature is set to 1 (the default).
    • Service for User (S4U) scenarios, such as scheduled tasks, clustering, and services for line-of-business applications, might fail for all clients when PerformTicketSignature is set to 0.
    • S4UProxy delegation fails during ticket referral in cross-domain scenarios if DCs in intermediate domains are inconsistently updated and PerformTicketSignature is set to 1.

The fix is currently only available from the Update Catalogue, with the links below:

via Neowin

More about the topics: kerberos, windows 10