Microsoft has released a new out-of-band Patch update KB4594440 for Windows 10 Versions 20H2 and 2004. The update KB4594440 with Build 19042.631/19041.631 brings fix for an issue that might cause Kerberos authentication and ticket renewal issues. Check the highlights and full changelog below.
- Updates an issue that might cause Kerberos authentication and ticket renewal issues that are related to the implementation of CVE-2020-17049.
All improvements and fixes:
This non-security update includes quality improvements. Key changes include:
Addresses issues with Kerberos authentication related to the PerformTicketSignature registry subkey value in CVE-2020-17049, which was a part of the November 10, 2020 Windows update. The following issues might occur on writable and read-only domain controllers (DC):
- Kerberos service tickets and ticket-granting tickets (TGT) might not renew for non-Windows Kerberos clients when PerformTicketSignature is set to 1 (the default).
- Service for User (S4U) scenarios, such as scheduled tasks, clustering, and services for line-of-business applications, might fail for all clients when PerformTicketSignature is set to 0.
- S4UProxy delegation fails during ticket referral in cross-domain scenarios if DCs in intermediate domains are inconsistently updated and PerformTicketSignature is set to 1.
You can manually download this update by clicking here. If you need help in understanding how to install these updates manually on your PC, you can refer to our step by step noob-friendly tutorial here.