On-premises Identity-related updates and fixes for February 2024

Reading Time: 2 minutes

Windows Serrer

Even though Microsoft’s Identity focus moves towards the cloud, Windows Server 2016, Windows Server 2019 and Windows Server 2022 still receive updates to improve the experiences and security of Microsoft’s on-premises powerhouses.

This is the list of Identity-related updates and fixes we saw for February 2024:

 

Windows Server 2016

We observed the following update for Windows Server 2016:

KB5034767 February 13, 2024

The February 13, 2024, update for Windows Server 2016 (KB5034767), updating the OS build number to 14393.6709, is a monthly cumulative update. It does not include Identity-related improvements.

 

Windows Server 2019

We observed the following update for Windows Server 2019:

KB5034768 February 13, 2024

The February 13, 2024, update for Windows Server 2019 (KB5034768), updating the OS build number to 17763.5458, is a monthly cumulative update and includes the following Identity-related improvements:

  • This update addresses an issue that affects a local account. You cannot sign in to an account that Windows LAPS manages. This occurs if you set the Require Smart Card for Interactive Logon policy.
  • This update changes a setting in the Active Directory Users and Computers MMC snap-in (dsa.msc). By default, the snap-in now uses a strong certificate mapping of X509IssuerSerialNumber. It does not use the weak mapping of x509IssuerSubject.
  • This update addresses an issue that affects the Local Security Authority Subsystem Service (LSASS). It might stop working. This occurs when you access the Active Directory database.

 

Windows Server 2022

We observed the following update for Windows Server 2022:

KB5034770 February 13, 2024

The February 13, 2024, update for Windows Server 2022 (KB5034770), updating the OS build number to 20348.2322, is a monthly cumulative update and includes the following Identity-related improvements:

  • This update addresses an issue that affects a local account. You cannot sign in to an account that Windows LAPS manages. This occurs if you set the Require Smart Card for Interactive Logon policy.
  • This update changes a setting in the Active Directory Users and Computers MMC snap-in (dsa.msc). By default, the snap-in now uses a strong certificate mapping of X509IssuerSerialNumber. It does not use the weak mapping of x509IssuerSubject.
  • This update addresses an issue that affects the Local Security Authority Subsystem Service (LSASS). It might stop working. This occurs when you access the Active Directory database.
  • This update addresses an issue that affects the Certificate Authority MMC snap-in (certsrv.msc). You cannot select the Delta CRL option. This stops you from using the graphical user interface to publish Delta certificate revocation lists (CRLs).

leave your comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.