Microsoft Releases an Out-of-Band Update for Windows 10 v1809
Microsoft has released KB4594442 (Build 17763.1579) for Windows 10 version 1809, out of the monthly update schedule. Windows 10 out-of-band update fixes the Kerberos authentication issue related to the implementation of CVE-2020-17049 reported earlier. This problem also affects other versions of the operating system, including the May 2020 Update and November 2020 Update. However, fixes aren't yet out for those versions.
Windows 10 update (KB4594442 - Build 17763.1579) includes the following quality improvement
Addresses issues with Kerberos authentication related to the PerformTicketSignature registry subkey value in CVE-2020-17049, which was a part of the November 10, 2020 Windows update. The following issues might occur on writable and read-only domain controllers (DC):
- Kerberos service tickets and ticket-granting tickets (TGT) might not renew for non-Windows Kerberos clients when PerformTicketSignature is set to 1 (the default).
- Service for User (S4U) scenarios, such as scheduled tasks, clustering, and services for line-of-business applications, might fail for all clients when PerformTicketSignature is set to 0.
- S4UProxy delegation fails during ticket referral in cross-domain scenarios if DCs in intermediate domains are inconsistently updated and PerformTicketSignature is set to 1.