Windows 10, update KB4594442 is coming, what’s new?

Microsoft has just released a new Windows 10 cumulative update. KB4594442 addresses a major bug affecting OS version 1809.

This deployment is interesting because Windows 10 v1809 is no longer supported by Microsoft. The maintenance of the Home and Pro editions is no longer ensured so that no further security improvements should concern them. However, the cumulative update KB4594442 arrives to correct a problem. Microsoft explains that the goal is to resolve a Kerberos authentication bug. On the official KB page the giant explains

“KB4594442 addresses Kerberos authentication issues related to the PerformTicketSignature registry subkey value in CVE-2020-17049 […].»

The bug can cause three different problems, details of which are available at the end of the article.

Other than this hotfix, there is nothing new in this cumulative update. Users are encouraged to install it because it addresses a security issue. However, we have a known issue that affects devices with certain Asian language packs installed. Redmond specifies that its teams are working on a fix. It is scheduled for release but we have no further details.

Windows 10 and KB4594442 release note

  • Updates an issue that might cause Kerberos authentication and ticket renewal issues that are related to the implementation of CVE-2020-17049.

Improvements and fixes

This non-security update includes quality improvements. Key changes include:

  • Addresses issues with Kerberos authentication related to the PerformTicketSignature registry subkey value in CVE-2020-17049, which was a part of the November 10, 2020 Windows update. The following issues might occur on writable and read-only domain controllers (DC):
    • Kerberos service tickets and ticket-granting tickets (TGT) might not renew for non-Windows Kerberos clients when PerformTicketSignature is set to 1 (the default).
    • Service for User (S4U) scenarios, such as scheduled tasks, clustering, and services for line-of-business applications, might fail for all clients when PerformTicketSignature is set to 0.
    • S4UProxy delegation fails during ticket referral in cross-domain scenarios if DCs in intermediate domains are inconsistently updated and PerformTicketSignature is set to 1.

If you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.