Microsoft is working to fix a problem in last week's update KB4586786 that caused issues with the Kerberos Key Distribution Center (KDC) security feature.
Microsoft has highlighted the issue, which affects systems that have installed patch KB4586786 for the CVE-2020-17049 flaw, one of 112 vulnerabilities in the November 2020 Patch Tuesday.
Kerberos is a client-server authentication protocol widely used in operating systems, including Windows. Microsoft tried to fix a bypass in the Kerberos KDC, a feature that handles tickets for encrypting messages between server and client.
"After installing KB4586786 on domain controllers (DCs) and read-only domain controllers (RODCs) in your environment, you may experience Kerberos authentication problems," Microsoft said in a statement on issues for all supported versions of Windows 10.
"This is due to a problem in the way CVE-2020-17049 was delivered in these updates."
The patch only affects Windows Servers, Windows 10 devices, and applications in corporate environments, according to Microsoft.
Microsoft addresses the vulnerability by changing the way the KDC validates service tickets used with Kerberos Constrained Delegation (KCD), because there was a bypass issue in how the KDC determines whether a service token can be used to authorize KCD.
Microsoft explains that there are three registry configuration values - 0, 1, and 2 - for the PerformTicketSignature control, but administrators may experience different issues with each setting.
"We are analyzing the information and will provide an update as soon as more information is available," Microsoft said.
Microsoft has also revised its update instructions. Administrators are advised to locate the KDC registry subkey and, if the value is present on the system, make sure that it is set to 1. Next, administrators must complete deployment on all DCs and read-only DCs.
"Note that following our original instructions for using the 0 setting could cause problems with the S4U2self feature of Kerberos. We are working to address this issue."
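The revised guidance above can be checked across domain controllers with a short audit script. This is an added example, not Microsoft's own code. The registry path is an assumption, since the article names only "the KDC registry subkey", and the script reports on the setting without changing it.

```powershell
# Added example: audit PerformTicketSignature on domain controllers.
# Assumption: the "KDC registry subkey" is the Kdc service key below; the
# article does not spell out the path, so confirm it against Microsoft's advisory.
param(
    [string[]]$ComputerName = @($env:COMPUTERNAME),
    [string]$KdcKeyPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\Kdc'
)

# Runs on each DC: report whether the value exists and what it is set to.
$check = {
    param($Path)
    $state = 'Absent'
    $value = $null
    if (Test-Path -Path $Path) {
        $item = Get-ItemProperty -Path $Path -Name 'PerformTicketSignature' -ErrorAction SilentlyContinue
        if ($null -ne $item) {
            $value = $item.PerformTicketSignature
            $state = 'Present'
        }
    }
    [pscustomobject]@{ Computer = $env:COMPUTERNAME; State = $state; Value = $value }
}

$results = foreach ($dc in $ComputerName) {
    try {
        if ($dc -eq $env:COMPUTERNAME) { & $check $KdcKeyPath }
        else { Invoke-Command -ComputerName $dc -ScriptBlock $check -ArgumentList $KdcKeyPath -ErrorAction Stop }
    } catch {
        # An unreachable DC means deployment on "all DCs" cannot be confirmed.
        [pscustomobject]@{ Computer = $dc; State = 'Unreachable'; Value = $null }
    }
}

$results | ForEach-Object {
    $finding = switch ($_.State) {
        'Unreachable' { 'Not checked: deployment cannot be confirmed on this DC' }
        'Absent'      { 'Value not present: nothing to change per the revised guidance' }
        default {
            if ($_.Value -eq 1) { 'OK: set to 1 as advised' }
            elseif ($_.Value -eq 0) { 'Change to 1: 0 was the original guidance and can cause Kerberos S4U problems' }
            else { "Review: value $($_.Value) is not the advised setting of 1" }
        }
    }
    [pscustomobject]@{ Computer = $_.Computer; Value = $_.Value; Finding = $finding }
} | Format-Table -AutoSize
```

Pass the names of all DCs and RODCs through `-ComputerName`; remote checks rely on PowerShell remoting being enabled on those hosts.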