On-premises Microsoft Identity-related updates and fixes for April 2019

Windows Server

Even though Microsoft’s Identity focus is moving towards the cloud, the company is not forgetting its on-premises roots. Windows Server 2016 and Windows Server 2019 still receive updates. These are the updates and fixes we saw for April 2019:

Windows Server 2016

We observed the following updates for Windows Server 2016:

KB4493473 April 25, 2019

The April 25, 2019 update for Windows Server 2016 (KB4493473), which updates the build number to 14393.2941, includes two Identity-related fixes:

  • It addresses a gradual memory leak in LSASS.exe on systems that have cached logon enabled. This issue mainly affects servers that process many interactive logon requests, such as web servers.
  • It also addresses an issue that causes Lightweight Directory Access Protocol (LDAP) client applications to stop responding for at least 30 seconds when many LDAP queries are requested through multiple connections. This occurs because of a race condition in wldap32.dll. You must install this update on the LDAP client that calls wldap32.dll.

Unfortunately, it also introduces a known issue:

  • Zone transfers between primary and secondary DNS servers over the Transmission Control Protocol (TCP) may fail after installing this update.

KB4493470 April 9, 2019

The April 9, 2019 update for Windows Server 2016 (KB4493470), which updates the build number to 14393.2906, includes one Identity-related fix:

  • It addresses an issue that causes the Group Policy editor to stop responding when editing a Group Policy Object (GPO) that contains Group Policy Preferences (GPP) for Internet Explorer 10 Internet settings.

The big news in this update, however, is the 33 CVE-numbered vulnerabilities fixed in the operating system, including two vulnerabilities (CVE-2019-0803 and CVE-2019-0859) that are already being exploited in the wild. Of the 33 vulnerabilities, 7 are rated ‘Critical’ and 26 are rated ‘Important’.

Windows Server 2019

We observed the following updates for Windows Server 2019:

KB4493509 April 9, 2019

The April 9, 2019 update to Windows Server 2019 (KB4493509), which brings the OS build number to 17763.437, addresses an issue that causes the Group Policy editor to stop responding when editing a Group Policy Object (GPO) that contains Group Policy Preferences (GPP) for Internet Explorer 10 Internet settings. This issue was introduced with the April 2, 2019 update.

The big news in this update is the 36 vulnerabilities fixed in the operating system, including two vulnerabilities (CVE-2019-0803 and CVE-2019-0859) that are already being exploited in the wild. Of the 36 vulnerabilities, 8 are rated ‘Critical’ and 28 are rated ‘Important’.

KB4490481 April 2, 2019

The April 2, 2019 update to Windows Server 2019 (KB4490481), which brings the OS build number to 17763.404, includes the following Identity-related fixes:

  • It adds a new Group Policy setting called “Enable Windows to soft-disconnect a computer from a network”. This determines how Windows will disconnect a computer from a network when it determines that the computer should no longer be connected to the network.
  • It addresses an issue that causes certificate renewal to fail when using CERT_RENEWAL_PROP_ID with the ICertPropertyRenewal interface.
  • It addresses minor issues with unknown options (unknown OPT) in the Extension Mechanisms for DNS (EDNS) for the Windows DNS Server role.

Unfortunately, it also introduces a known issue:

  • The Group Policy editor may stop responding when editing a Group Policy Object (GPO) that contains Group Policy Preferences (GPP) for Internet Explorer 10 settings.
