On-premises Identity updates & fixes for July 2020

Windows Server

Even though Microsoft’s Identity focus moves towards the cloud, they are not forgetting their on-premises roots. Windows Server 2016 and Windows Server 2019 still receive updates. These are the updates and fixes we saw for July 2020:

Windows Server 2016

We observed the following updates for Windows Server 2016:

KB4565511 July 14, 2020

The July 14 update for Windows Server 2016 (KB4565511), updating the OS build number to 14393.3808 is a security update that includes some additional fixes.

It includes security updates to Microsoft Edge Legacy, Internet Explorer, the Microsoft Scripting Engine, Windows App Platform and Frameworks, Windows Apps, Microsoft Graphics Component, Windows Input and Composition, Windows Media, Windows Shell, the Microsoft Store, Windows Cloud Infrastructure, Windows Fundamentals, Windows Kernel, Windows MSXML, Windows File Server and Clustering, Windows Remote Desktop, Windows Update Stack, and the Microsoft JET Database Engine.

The most important security update is the update that addresses a critical Windows DNS Server Remote Code Execution Vulnerability (SIGred, Wormable, Critical, CVE-2020-1350).

We’ve notified you on July 15th to install update KB4565511 as soon as possible on Domain Controllers acting as DNS Servers and other Windows Server-based DNS Servers, because of the severity of this vulnerability.

It also addresses an issue that causes lsass.exe to stop working on a Remote Desktop Services (RDS) host when you enable Remote Credential Guard. The exception code is

0xc0000374

Additionally, starting in July 2020, all Windows Updates will disable the RemoteFX vGPU feature because of a security vulnerability.

Windows Server 2019

We observed the following updates for Windows Server 2019:

KB4558998 July 14, 2020

The July 14 update for Windows Server 2019 (KB4558998), updating the OS build number to 17763.1339 is a security update that includes some additional fixes.

It includes security updates to Internet Explorer, the Microsoft Scripting Engine, Windows App Platform and Frameworks, Windows Apps, Microsoft Graphics Component, Windows Input and Composition, Windows Media, Windows Shell, the Microsoft Store, Microsoft Edge Legacy, Windows Cloud Infrastructure, Windows Fundamentals, Windows Management, Windows Kernel, Windows Update Stack, Windows MSXML, Windows File Server and Clustering, Windows Remote Desktop, and the Microsoft JET Database Engine.

The most important security update is the update that addresses a critical Windows DNS Server Remote Code Execution Vulnerability (SIGred, Wormable, Critical, CVE-2020-1350).

We’ve notified you on July 15th to install update KB4565511 as soon as possible on Domain Controllers acting as DNS Servers and other Windows Server-based DNS Servers, because of the severity of this vulnerability.

It also addresses an issue that might cause lsass.exe to fail with the error message:

A critical system process, C:\WINDOWS\system32\lsass.exe, failed with status code c0000008. The machine must now be restarted.

KB4559003 July 21, 2020

The July 21 update for Windows Server 2019 (KB4559003), updating the OS build number to 17763.1369 is a non-security update that includes fixes:

  • It addresses an issue that prevents Event Viewer from saving a full set of filtered events when you filter by the date.
  • It addresses an issue that continues to display the previous username hint in the smart card sign in box after a different user has used the machine with domain credentials.
  • It addresses an issue that causes lsass.exe to stop working on a terminal server when you enable Remote Credential Guard. The exception code is

0xc0000374.

  • It addresses an issue that might prevent applications from running as expected on Active Directory Federation Services 2019 (AD FS 2019) clients. This occurs when applications use an iFrame during non-interactive authentication requests and receive the X-Frame-Options header set to DENY.
  • It addresses an issue that incorrectly reports Lightweight Directory Access Protocol (LDAP) sessions as unsecure sessions in Event ID 2889. This occurs when the LDAP session is authenticated and sealed with a Simple Authentication and Security Layer (SASL) method.
  • It updates the message users receive that tells them to check their phone for notifications from the Microsoft Authenticator application. This message only appears when authentication is done using the AD FS Azure Multi-Factor Authentication (MFA) adapter.
  • It updates dcpromo.exe to remove the "Network access: Restrict clients allowed to make remote calls to SAM" policy on member servers when they are promoted to Active Directory Domain Controllers. This allows clients to make Security Accounts Manager (SAM) connections to these Domain Controllers.
  • It addresses an issue that might cause Windows 10 devices that enable Credential Guard to fail authentication requests when they use the machine certificate.
  • It addresses an issue that occurs when a standalone Remote Desktop Session (RDS)host allows multiple sessions per user. After disconnecting from a session, if you attempt to reconnect to the original session, the server creates a new session instead.

leave your comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.