Even though Microsoft’s Identity focus moves towards the cloud, they are not forgetting their on-premises roots. Windows Server 2016, Windows Server 2019 and Windows Server 2022 still receive updates.

These are the Identity-related updates and fixes we saw for November 2021:

Windows Server 2016

We observed the following updates for Windows Server 2016:

KB5007192 November 9, 2021

The November 9, 2021 update for Windows Server 2016 (KB5007192), updating the OS build number to 14393.4770 is a monthly cumulative update.

This security update addresses four Active Directory Elevation of Privilege vulnerabilities.

KB5008601 November 14, 2021 OUT Of Band

The November 14, 2021 update for Windows Server 2016 (KB5008601), updating the OS build number to 14393.4771 is an out of band update, addressing an issue that was introduced with KB5007192 that might cause authentication failures related to Kerberos tickets you acquired from Service for User to Self (S4U2self).

Windows Server 2019

We observed the following updates for Windows Server 2019:

KB5007206 November 9, 2021

The November 9, 2021 update for Windows Server 2019 (KB5007206), updating the OS build number to 17763.2300 is a monthly cumulative update.

This security update addresses four Active Directory Elevation of Privilege vulnerabilities and includes the following Identity-related quality improvements:

• It addresses an issue that causes the DnsPsProvider.dll module to
  leak memory within a WmiPrvSE.exe process.

• It addresses a memory leak issue in lsass.exe on domain controllers
  in the forest root domain that occurs when you have multiple forests and
  multiple domains in each forest. The SID-Name mapping functions leak memory when
  a request comes from another domain in the forest and crosses forest
  boundaries.

KB5008601 November 14, 2021 OUT Of Band

The November 14, 2021 update for Windows Server 2019 (KB5008602), updating the OS build number to 17763.2305 is an out of band update, addressing an issue that was introduced with KB5007206 that might cause authentication failures related to Kerberos tickets you acquired from Service for User to Self (S4U2self).

KB5007266 November 22, 2021 PREVIEW

The November 22, 2021 update for Windows Server 2019 (KB5007266), updating the OS build number to 17763.2330 is a preview update.

It includes the following Identity-related quality improvements:

• It enables credentials for Azure Active Directory (Azure AD) users that use Active Directory Federation Services (AD FS) as their authentication method in Quick Assist.
• It addresses an issue that prevents the applications that you use often from appearing on the Start menu and prevents you from configuring them to appear on the Start menu using a Group Policy.

Windows Server 2022

We observed the following updates for Windows Server 2022:

KB5007205 November 9, 2021

The November 9, 2021 update for Windows Server 2022 (KB5007205), updating the OS build number to 20348.350 is a monthly cumulative update.

This security update addresses four Active Directory Elevation of Privilege vulnerabilities and includes the following Identity-related quality improvements:

• It addresses an issue that sometimes causes the lock screen to appear black
  if you set up slideshow.

• It addresses an issue in Safe Mode that prevents users from signing in if
  Web Sign-in is enabled.

• It addresses a reliability issue with LogonUI.exe, which affects the
  rendering of the network status text on the credentials screen.

• It addresses a memory leak issue in lsass.exe on domain controllers
  in the forest root domain that occurs when you have multiple forests and
  multiple domains in each forest. The SID-Name mapping functions leak memory when
  a request comes from another domain in the forest and crosses forest boundaries.

• It reduces the Lightweight Directory Access Protocol (LDAP) bind for CPU
  utilization.

• It addresses an issue that causes Server Message Block (SMB) Query Directory
  Requests to fail when the buffer size is large.

KB5007254 November 22, 2021 PREVIEW

The November 22, 2021 update for Windows Server 2022 (KB5007254), updating the OS build number to 20348.380 is a preview update.

It includes one Identity-related quality improvement: It addresses an issue that fails to apply machine Group Policy objects automatically at startup or in the background to devices on a domain that have certain processors.