Microsoft has released KB4594442 (OS Build 17763.1579) for Windows 10, version 1809, Windows Server version 1809, and Windows Server 2019.

November 17, 2020—KB4594442 (OS Build 17763.1579) Out-of-band

Highlights

• Updates an issue that might cause Kerberos authentication and ticket renewal issues that are related to the implementation of  CVE-2020-17049.

Improvements and fixes

This non-security update includes quality improvements. Key changes include:

• Addresses issues with Kerberos authentication related to the PerformTicketSignature registry subkey value in  CVE-2020-17049, which was a part of the November 10, 2020 Windows update. The following issues might occur on writable and read-only domain controllers (DC):

  • Kerberos service tickets and ticket-granting tickets (TGT) might not renew for non-Windows Kerberos clients when PerformTicketSignature is set to 1 (the default).
  • Service for User (S4U) scenarios, such as scheduled tasks, clustering, and services for line-of-business applications, might fail for all clients when PerformTicketSignature is set to 0.
  • S4UProxy delegation fails during ticket referral in cross-domain scenarios if DCs in intermediate domains are inconsistently updated and PerformTicketSignature is set to 1.

If you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.

November 17, 2020—KB4594442 (OS Build 17763.1579) Out-of-band