Last week, Microsoft ended support for Windows 10 version 1809, at least for Home and Pro SKUs. But here we are just over a week later and there's already an important security fix rolling out for that particular version of the OS (no other versions got updates).
Updates an issue that might cause Kerberos authentication and ticket renewal issues that are related to the implementation of CVE-2020-17049.
Here's the full list of improvements and fixes:
- Addresses issues with Kerberos authentication related to the PerformTicketSignature registry subkey value in CVE-2020-17049, which was a part of the November 10, 2020 Windows update. The following issues might occur on writable and read-only domain controllers (DC):
- Kerberos service tickets and ticket-granting tickets (TGT) might not renew for non-Windows Kerberos clients when PerformTicketSignature is set to 1 (the default).
- Service for User (S4U) scenarios, such as scheduled tasks, clustering, and services for line-of-business applications, might fail for all clients when PerformTicketSignature is set to 0.
- S4UProxy delegation fails during ticket referral in cross-domain scenarios if DCs in intermediate domains are inconsistently updated and PerformTicketSignature is set to 1.
Note that while this is important enough to merit a mid-stream update rather than waiting until next month's Patch Tuesday, you can't get it through Windows Update. The only way to install this is by using the link above to download and install it manually.