This update resolves the following issue:
Addresses issues with Kerberos authentication related to the PerformTicketSignature registry subkey value in CVE-2020-17049, which was a part of the November 10, 2020 Windows update. The following issues might occur on writable and read-only domain controllers (DC) :
- Kerberos service tickets and ticket-granting tickets (TGT) might not renew for non-Windows Kerberos clients when PerformTicketSignature is set to 1 (the default).
- Service for User (S4U) scenarios, such as scheduled tasks, clustering, and services for line-of-business applications, might fail for all clients when PerformTicketSignature is set to 0.
- S4UProxy delegation fails during ticket referral in cross-domain scenarios if DCs in intermediate domains are inconsistently updated and PerformTicketSignature is set to 1.
Known issues in this update
We are currently not aware of any issues that affect this update.
How to get this update
Microsoft Update Catalog
To get the stand-alone package for this update, go to the Microsoft Update Catalog website.
We strongly recommend that you install the latest servicing stack update (SSU) before you apply this update. The latest SSU for your version of Windows can be found in ADV990001 | Latest Servicing Stack Updates.
For information on SSUs, see the following articles:
- Servicing stack updates
- Servicing Stack Updates (SSU): Frequently Asked Questions
- ADV990001 | Latest Servicing Stack Updates
Learn about the terminology that Microsoft uses to describe software updates.