Even though Microsoft’s Identity focus moves towards the cloud, they are not forgetting their on-premises roots. Windows Server 2016, Windows Server 2019 and Windows Server 2022 still receive updates.
This is the list of Identity-related updates and fixes we saw for October 2022:
Windows Server 2016
We observed the following updates for Windows Server 2016:
KB5018411 October 11, 2022
The October 11, 2022 update for Windows Server 2016 (KB5018411), which raises the OS build number to 14393.5427, is a monthly cumulative update that includes the following Identity-related improvements:
- It introduces a Group Policy setting that enables or disables Microsoft HTML Application (MSHTA) files.
- It addresses an issue that affects a primary Active Directory Federation Services (AD FS) node. It might fail to register or update its heartbeat. Because of this, the node is removed from the farm.
- It addresses an issue that affects a Server Message Block (SMB) multichannel connection. This issue might lead to stop error 13A or C2.
- It addresses a known issue that might affect file copies that use Group Policy Preferences. They might fail or might create empty shortcuts or files that have 0 (zero) bytes.
KB5020439 October 18, 2022 Out of Band
The October 18, 2022 update for Windows Server 2016 (KB5020439), which raises the OS build number to 14393.5429, is an out-of-band update that addresses an issue that might affect some types of Secure Sockets Layer (SSL) and Transport Layer Security (TLS) connections. These connections might have handshake failures.
Windows Server 2019
We observed the following updates for Windows Server 2019:
KB5018419 October 11, 2022
The October 11, 2022 update for Windows Server 2019 (KB5018419), which raises the OS build number to 17763.3532, is a monthly cumulative update that includes the following Identity-related improvements:
- This update turns off Transport Layer Security (TLS) 1.0 and 1.1 by default in Microsoft browsers and applications.
- It introduces a Group Policy setting that enables or disables Microsoft HTML Application (MSHTA) files.
- It addresses an issue that affects non-Windows devices. It stops these devices from authenticating. This issue occurs when they connect to a Windows-based remote desktop and use a smart card to authenticate.
- It addresses an issue that affects the Local Security Authority Subsystem Service (LSASS). LSASS might stop working on a domain controller for a child domain. This might occur when you lose the connection to a domain controller in the parent domain while you are searching for a name that is in many forests or for a security identifier (SID).
- It addresses an issue that affects Group Policy Objects (GPOs). Because of this, the system might stop working.
- It addresses a known issue that might affect file copies that use Group Policy Preferences. They might fail or might create empty shortcuts or files that have 0 (zero) bytes.
KB5020438 October 17, 2022 Out of Band
The October 17, 2022 update for Windows Server 2019 (KB5020438), which raises the OS build number to 17763.3534, is an out-of-band update that addresses an issue that might affect some types of Secure Sockets Layer (SSL) and Transport Layer Security (TLS) connections. These connections might have handshake failures.
Windows Server 2022
We observed the following updates for Windows Server 2022:
KB5018421 October 11, 2022
The October 11, 2022 update for Windows Server 2022 (KB5018421), which raises the OS build number to 20348.1129, is a monthly cumulative update that includes the following Identity-related improvements:
- This update introduces WebAuthn redirection. It lets you authenticate in apps and on websites without a password when you use Remote Desktop. Instead, you can use Windows Hello or security devices, such as Fast Identity Online 2.0 (FIDO2) keys.
- It addresses an issue that affects cached credentials for security keys and FIDO2 authentications. On hybrid domain-joined devices, the system removes these cached credentials.
- It introduces a Group Policy setting that enables or disables Microsoft HTML Application (MSHTA) files.
- It addresses an issue that affects Group Policy Objects (GPOs). Because of this, the system might stop working.
- It addresses an issue that affects non-Windows devices. It stops these devices from authenticating. This issue occurs when they connect to a Windows-based remote desktop and use a smart card to authenticate.
- It addresses an issue that affects the Settings app on domain controllers. When you access System > Display, the Settings app stops working.
- It addresses an issue that affects the Local Security Authority Subsystem Service (LSASS). LSASS might stop working on a domain controller for a child domain. This might occur when you lose the connection to a domain controller in the parent domain while you are searching for a name that is in many forests or for a security identifier (SID).
- It addresses a known issue that might affect file copies that use Group Policy Preferences. They might fail or might create empty shortcuts or files that have 0 (zero) bytes.
KB5020436 October 17, 2022 Out of Band
The October 17, 2022 update for Windows Server 2022 (KB5020436), which raises the OS build number to 20348.1131, is an out-of-band update that addresses an issue that might affect some types of Secure Sockets Layer (SSL) and Transport Layer Security (TLS) connections. These connections might have handshake failures.
KB5018485 October 25, 2022 Preview
The October 25, 2022 update for Windows Server 2022 (KB5018485), which raises the OS build number to 20348.1194, is a preview update that includes the following Identity-related improvements:
- It addresses an issue that affects Distributed Component Object Model (DCOM) authentication hardening. It automatically raises the authentication level for all non-anonymous activation requests from DCOM clients to RPC_C_AUTHN_LEVEL_PKT_INTEGRITY. This occurs if the authentication level is below Packet Integrity.
- It addresses a DCOM issue that affects the Remote Procedure Call Service (rpcss.exe). It raises the authentication level to RPC_C_AUTHN_LEVEL_PKT_INTEGRITY instead of RPC_C_AUTHN_LEVEL_CONNECT if RPC_C_AUTHN_LEVEL_NONE is specified.
- It addresses an issue that affects the Microsoft Azure Active Directory (AAD) Application Proxy connector. It cannot retrieve a Kerberos ticket on behalf of the user. The error message is:
The handle specified is invalid (0x80090301)
- It improves Active Directory replication performance in large environments.
- It addresses an issue that affects the forest trust creation process. It fails to place the Domain Name System (DNS) name suffixes in the trust attributes. This issue occurs on devices that have installed the January 11, 2022 update or a later update.
- It addresses an issue that affects certificate mapping. When it fails, lsass.exe might stop working in schannel.dll.
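As an added example (not part of the original post, and not Microsoft's own tooling), the PowerShell check below reads the local OS build from the registry and compares it with the build numbers listed above, so you can tell whether a Windows Server 2016, 2019 or 2022 host has the October 2022 cumulative update and, more importantly, the out-of-band fix for the SSL/TLS handshake failures. The table, function and parameter names are my own; only the KB numbers and builds come from the text above.

```powershell
# Added example: map each server release's major build to the October 2022 updates
# listed in this post, ordered cumulative -> out-of-band -> preview (Server 2022 only).
$October2022Builds = @{
    '14393' = @(
        @{ Label = 'KB5018411 (2022-10-11 cumulative)';          UBR = 5427 },
        @{ Label = 'KB5020439 (2022-10-18 out-of-band TLS fix)'; UBR = 5429 }
    )
    '17763' = @(
        @{ Label = 'KB5018419 (2022-10-11 cumulative)';          UBR = 3532 },
        @{ Label = 'KB5020438 (2022-10-17 out-of-band TLS fix)'; UBR = 3534 }
    )
    '20348' = @(
        @{ Label = 'KB5018421 (2022-10-11 cumulative)';          UBR = 1129 },
        @{ Label = 'KB5020436 (2022-10-17 out-of-band TLS fix)'; UBR = 1131 },
        @{ Label = 'KB5018485 (2022-10-25 preview)';             UBR = 1194 }
    )
}

function Get-October2022UpdateStatus {
    [CmdletBinding()]
    param(
        # Optional overrides (e.g. for checking a build read from inventory);
        # by default the local machine's CurrentBuildNumber and UBR are used.
        [string]$Build,
        [int]$Ubr
    )
    if (-not $Build) {
        $ver   = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
        $Build = $ver.CurrentBuildNumber
        $Ubr   = [int]$ver.UBR
    }
    if (-not $October2022Builds.ContainsKey($Build)) {
        return [pscustomobject]@{ Build = "$Build.$Ubr"; Status = 'Release not covered by this list'; Missing = @() }
    }
    $updates = $October2022Builds[$Build]
    # Every listed update whose UBR is above the installed UBR is still missing.
    $missing = @($updates | Where-Object { $_.UBR -gt $Ubr } | ForEach-Object Label)

    $status = 'October 2022 cumulative and out-of-band TLS fix present'
    if ($Ubr -lt $updates[1].UBR) { $status = 'Cumulative installed, but out-of-band SSL/TLS handshake fix missing' }
    if ($Ubr -lt $updates[0].UBR) { $status = 'October 2022 cumulative update not installed' }

    [pscustomobject]@{ Build = "$Build.$Ubr"; Status = $status; Missing = $missing }
}

# Local check; for a known build use e.g. Get-October2022UpdateStatus -Build 17763 -Ubr 3532
Get-October2022UpdateStatus | Format-List
```

Run it on each domain controller or AD FS node; a host that reports the cumulative but not the out-of-band build is the one most likely to show the TLS handshake failures described above.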