On-premises Identity-related updates and fixes for June 2021

Even though Microsoft’s Identity focus moves towards the cloud, they are not forgetting their on-premises roots. Windows Server 2016 and Windows Server 2019 still receive updates.

These are the Identity-related updates and fixes we saw for June 2021:

Windows Server 2016

We observed the following updates for Windows Server 2016:

KB5003638 June 8, 2021

The June 8, 2021 update for Windows Server 2016 (KB5003638), updating the OS build number to 14393.4467 is a security update.

It addresses the CVE-2021-31962 vulnerability where a security buffer can be abused to set the target ServicePrincipalName of a ticket, bypassing the SPN check in lsass.exe. It partially addresses the CVE-2021-1675 vulnerability.

Windows Server 2019

We observed the following updates for Windows Server 2019:

KB5003646, June 8, 2021

The June 8, 2021 update for Windows Server 2019 (KB5003646), updating the OS build number to 17763.1999 is a security update.

It addresses the CVE-2021-31962 vulnerability where a security buffer can be abused to set the target ServicePrincipalName of a ticket, bypassing the SPN check in lsass.exe. It partially addresses the CVE-2021-1675 vulnerability.

It includes the following identity-related quality improvements:

  • It addresses an issue in Active Directory (AD) Admin Center that displays an error when it lists many organizational units (OU) or container objects and PowerShell Transcription is enabled. The error message is:

Collection was modified after the enumerator was instantiated

  • It addresses a memory leak issue in PKU2U that causes cluster nodes to run out of memory.
  • It addresses an issue that fails to apply BitLocker encryption automatically using a Group Policy. This issue occurs on external drives that have a master boot record (MBR) active boot partition.
  • It addresses an issue that sometimes causes event log entries to appear corrupted for Microsoft-Windows-Kerberos-Key-Distribution-Center source and Event IDs 4933, 4928, and 4937.
  • It addresses an issue that fails to register a DNS update to an A record and a PTR when Azure virtual machines update against corporate DNS zones.

KB5003703, June 15, 2021 Preview

The June 15, 2021 update for Windows Server 2019 (KB5003703), updating the OS build number to 17763.2028 is a Preview update that includes the following identity-related quality improvements:

  • It addresses an issue in adamsync.exe that affects the syncing of large Active Directory subtrees.
  • It addresses an issue that might cause endless replication when you promote a new Domain Controller and the Active Directory Recycle Bin feature is enabled.
  • It addresses an error that occurs when the Lightweight Directory Access Protocol (LDAP) bind cache is full, and the LDAP client library receives a referral.

leave your comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.