On-premises Identity-related updates and fixes for October 2021

Windows Server

Even though Microsoft’s Identity focus moves towards the cloud, they are not forgetting their on-premises roots. Windows Server 2016, Windows Server 2019 and Windows Server 2022 still receive updates.

These are the Identity-related updates and fixes we saw for October 2021:

Windows Server 2016

We observed the following updates for Windows Server 2016:

KB5006669 October 12, 2021

The October 12, 2021 update for Windows Server 2016 (KB5006669), which updates the OS build number to 14393.4704, is a monthly cumulative update.

This security update addresses three Active Directory vulnerabilities and three vulnerabilities in AD FS and includes the following Identity-related quality improvements:

  • It addresses an issue that might prevent users from signing in to a domain controller using Directory Services Restore Mode (DSRM) over a Remote Desktop or a Hyper-V enhanced session.
  • It addresses an issue that occurs when the Lightweight Directory Access Protocol (LDAP) bind cache is full, and the LDAP client library receives a referral.
  • It addresses an issue regarding a non-paged pool (NPP) leak from the UxSF pool tag. This leak occurs when lsass.exe stops processing asynchronous Security Support Provider Interface (SSPI) calls.
  • It adds the ability to configure period or dot (.) delimited IP addresses interchangeably with fully qualified host names in the Package Point and Print – Approved Servers and Point and Print Restrictions Group Policy settings.

This update also introduces the RestrictDriverInstallationToAdministrators registry value, with its data configured as 1, in HKLM\Software\Policies\Microsoft\Windows NT\Printers\PointAndPrint.

Windows Server 2019

We observed the following updates for Windows Server 2019:

KB5006672 October 12, 2021

The October 12, 2021 update for Windows Server 2019 (KB5006672), which updates the OS build number to 17763.2237, is a monthly cumulative update.

This security update addresses three Active Directory vulnerabilities and three vulnerabilities in AD FS and includes the following Identity-related quality improvements:

  • It addresses an issue that causes the system time to be incorrect by one hour after a daylight saving time (DST) change.
  • It addresses an issue with a non-paged pool (NPP) leak from the UxSF pool tag. This leak occurs when lsass.exe stops processing asynchronous Security Support Provider Interface (SSPI) calls.
  • It addresses an issue that causes the configuration for multiple artifact DB support across datacenters to fail for Security Assertion Markup Language (SAML) artifacts.
  • It addresses an issue that causes the LsaLookupSids() function to fail. This occurs when there are security identifiers (SID) for users that no longer exist in a group that contains cross-domain trusted users.
  • It addresses an issue that fails to apply the post_logout_redirect_uri= parameter when you use an External Claims Provider.
  • It addresses an issue that might create duplicate built-in local accounts, such as an administrator or guest account, during an in-place upgrade. This issue occurs if you previously renamed those accounts. As a result, the Local Users and Groups MMC snap-in (lusrmgr.msc) appears blank with no accounts after the upgrade. This update removes the duplicate accounts from the local Security Account Manager (SAM) database on the affected machines. If the system detected and removed duplicate accounts, it logs a Directory-Services-SAM event, with ID 16986, in the System event log.
  • It adds the ability to configure period or dot (.) delimited IP addresses interchangeably with fully qualified host names in the Package Point and Print – Approved Servers and Point and Print Restrictions Group Policy settings.

This update also introduces the RestrictDriverInstallationToAdministrators registry value, with its data configured as 1, in HKLM\Software\Policies\Microsoft\Windows NT\Printers\PointAndPrint.
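Two of the items above leave a trace an administrator can check after patching: the RestrictDriverInstallationToAdministrators value that the update writes under the PointAndPrint key, and the Directory-Services-SAM event ID 16986 that is logged when duplicate built-in accounts were removed during an in-place upgrade. The following PowerShell audit is an added example and is not code from the original post or from Microsoft. It assumes the event provider is registered as Microsoft-Windows-Directory-Services-SAM (the display name in Event Viewer is Directory-Services-SAM) and that it is run in an elevated session on the patched server.

```powershell
# Added example (not from the original post): post-update audit for the
# PointAndPrint driver-installation restriction and for event ID 16986.
# Run from an elevated PowerShell session on the patched server.

$PointAndPrintKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint'
$RestrictValue    = 'RestrictDriverInstallationToAdministrators'

function Get-PointAndPrintDriverRestriction {
    # Reads the value the October 2021 update is expected to create with data 1.
    # Reports NotPresent when the key or value is missing so it can be triaged,
    # and flags any value other than 1 because that weakens the restriction.
    $item = Get-ItemProperty -Path $PointAndPrintKey -Name $RestrictValue -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        return [pscustomobject]@{ Key = $PointAndPrintKey; Name = $RestrictValue; Data = $null; State = 'NotPresent' }
    }
    $data  = [int]$item.$RestrictValue
    $state = if ($data -eq 1) { 'Restricted' } else { 'Weakened' }
    return [pscustomobject]@{ Key = $PointAndPrintKey; Name = $RestrictValue; Data = $data; State = $state }
}

function Get-DuplicateAccountCleanupEvents {
    # Returns Directory-Services-SAM events with ID 16986 from the System log,
    # i.e. the record that duplicate built-in local accounts were removed.
    param([int]$Days = 90)
    $filter = @{
        LogName      = 'System'
        ProviderName = 'Microsoft-Windows-Directory-Services-SAM'   # assumed provider name
        Id           = 16986
        StartTime    = (Get-Date).AddDays(-$Days)
    }
    # Get-WinEvent raises a non-terminating error when nothing matches; treat that as "no events".
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, Message
}

$restriction = Get-PointAndPrintDriverRestriction
$restriction | Format-List

if ($restriction.State -ne 'Restricted') {
    Write-Warning "$RestrictValue is $($restriction.State); expected data 1 after the October 2021 update."
}

$cleanupEvents = @(Get-DuplicateAccountCleanupEvents)
if ($cleanupEvents.Count -gt 0) {
    Write-Host "Duplicate built-in accounts were removed on this machine; review the events below."
    $cleanupEvents | Format-Table -AutoSize -Wrap
} else {
    Write-Host 'No Directory-Services-SAM 16986 events found in the selected window.'
}
```

The registry check deliberately distinguishes a missing value from a value set to 0: a missing value means the key has not been populated on this host, while 0 means someone or some policy has deliberately relaxed the restriction, which is the case worth investigating. The event query is only meaningful on servers that went through an in-place upgrade; on freshly installed servers it is expected to return nothing.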

This update makes quality improvements to the servicing stack, which is the component that installs Windows updates.

KB5006744 October 19, 2021 Preview

The October 19, 2021 update for Windows Server 2019 (KB5006744), which updates the OS build number to 17763.2268, is a preview update.

It includes the following Identity-related quality improvements:

  • It addresses an issue that causes the DnsPsProvider.dll module to leak memory within a WmiPrvSE.exe process.
  • It addresses a memory leak issue in lsass.exe on domain controllers in the forest root domain that occurs when you have multiple forests and multiple domains in each forest. The SID-Name mapping functions leak memory when a request comes from another domain in the forest and crosses forest boundaries.

Windows Server 2022

We observed the following updates for Windows Server 2022:

KB5006699 October 12, 2021

The October 12, 2021 update for Windows Server 2022 (KB5006699), which updates the OS build number to 20348.288, is a monthly cumulative update.

This security update addresses three Active Directory vulnerabilities and three vulnerabilities in AD FS.

KB5006745 October 26, 2021 Preview

The October 26, 2021 update for Windows Server 2022 (KB5006745), which updates the OS build number to 20348.320, is a preview update.

It includes the following Identity-related quality improvements:

  • It addresses an issue that sometimes causes the lock screen to appear black if you set up a slideshow.
  • It addresses an issue in Safe Mode that prevents users from signing in if Web Sign-in is enabled.
  • It addresses a reliability issue with LogonUI.exe, which affects the rendering of the network status text on the credentials screen.
  • It addresses a memory leak issue in lsass.exe on domain controllers in the forest root domain that occurs when you have multiple forests and multiple domains in each forest. The SID-Name mapping functions leak memory when a request comes from another domain in the forest and crosses forest boundaries.
  • It reduces CPU utilization during Lightweight Directory Access Protocol (LDAP) binds.
  • It addresses an issue that causes Server Message Block (SMB) Query Directory Requests to fail when the buffer size is large.
