November 17, 2020—KB4594442 (OS Build 17763.1579) Out-of-band
Highlights
- Updates an issue that might cause Kerberos authentication and ticket renewal issues that are related to the implementation of CVE-2020-17049.
Improvements and fixes
This non-security update includes quality improvements. Key changes include:
Addresses issues with Kerberos authentication related to the PerformTicketSignature registry subkey value in CVE-2020-17049, which was a part of the November 10, 2020 Windows update. The following issues might occur on writable and read-only domain controllers (DC):
- Kerberos service tickets and ticket-granting tickets (TGT) might not renew for non-Windows Kerberos clients when PerformTicketSignature is set to 1 (the default).
- Service for User (S4U) scenarios, such as scheduled tasks, clustering, and services for line-of-business applications, might fail for all clients when PerformTicketSignature is set to 0.
- S4UProxy delegation fails during ticket referral in cross-domain scenarios if DCs in intermediate domains are inconsistently updated and PerformTicketSignature is set to 1.
If you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.
November 17, 2020—KB4594442 (OS Build 17763.1579) Out-of-band
Microsoft has released KB4594442 (OS Build 17763.1579) for Windows 10, version 1809, Windows Server version 1809, and Windows Server 2019.