Emergency Windows 10 update plugs a serious security hole


Microsoft has deployed an out-of-band Windows 10 update designed to remedy a security flaw affecting all supported versions of the operating system.

The update consists of a handful of fixes, all of which address issues with the Kerberos authentication protocol that could allow an attacker to bypass security protections.

The fix was published for enterprise users running Windows 10 1809 earlier in the week, but has now arrived for versions 20H2, 2004, 1909, 1903 and 1607 as well.

Windows 10 update

According to a Microsoft support post, the Kerberos authentication issue was caused by a bug in a patch (for CVE-2020-17049) delivered this month as part of the company’s regular update schedule.

“After installing KB4586781 on domain controllers (DCs) and read-only domain controllers (RODCs) in your environment, you might encounter Kerberos authentication issues,” explained the firm.

“There are three registry setting values for PerformTicketSignature to control it, but in the current implementation you might encounter different issues with each setting.”

Setting the PerformTicketSignature value to 0 is said to cause authentication issues when using S4U scenarios (e.g. scheduled tasks/clustering), value 1 could bring about ticket renewal failures, while value 2 will cause problems in environments where not all DCs are updated.

Thankfully, these problems are exclusive to Windows Servers, Windows 10 devices and applications running in enterprise environments, so everyday users need not worry in this instance.

Administrators, however, must install the latest out-of-band update (KB4594440) manually by searching for the package via the Microsoft Update Catalog; it is not available through the Windows Update service and will not be installed automatically.

Via MSPowerUser

Joel Khalili
News and Features Editor
