A new patch is rolling out to Windows 10 2004 and 20H2 today on 19 November 20 20. Mainly this update focuses on Kerberos authentication and ticket renewal issues.
KB4594440 is the Out-of-band release which increases the version number of 2004 to 19041.631 and 20H2 to 19042.631. See – Windows 10 Cumulative Updates List.
KB4594440 Windows 10 2004 and 20H2 non-security update
Here is the changelog –
Windows 10 2004
- The non-security patch KB4594440 addresses issues with Kerberos authentication related to the PerformTicketSignature registry subkey value in CVE-2020-17049. This is a part of the November 10, 2020, Windows update. The below-written issues might occur on writable and read-only domain controllers (DC) –
- The first one is, when PerformTicketSignature is configured to 1 (the default), the Kerberos service tickets, as well as ticket-granting tickets (TGT), might not renew for non-Windows Kerberos clients.
- Services for line-of-business applications, clustering, scheduled tasks (Service for User (S4U) scenarios examples) might fail for all clients when PerformTicketSignature is configured to 0.
- And the last is, S4UProxy delegation fails during ticket referral in cross-domain scenarios if DCs in intermediate domains are inconsistently updated and PerformTicketSignature is configured to 1.
Windows 10 20H2
- This patch contains all the improvements from Windows 10 2004.
If you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.
|IME users for Chinese or Japanese languages ??might encounter problems when trying various tasks. You might have problems with input, get unexpected results, or might be unable to enter text.||See here – KB4564002|
|When you install Windows 10 1809 or greater to a later version System and user certificates might go missing. This will occur on the devices which have installed the September 16, 2020 or later patch. When they proceed to update to a greater version using media or an installation source that did not install an LCU released October 13, 2020 or later integrated. This primarily occurs when managed devices are updated using outdated bundles or media through an update management tool for example, Microsoft Endpoint Configuration Manager or WSUS. This might also take place when using outdated physical media or ISO images that do not have the latest updates integrated.|
Remark – Devices using Windows Update for Business or that connect straight to Windows Update are not impacted. Any device connecting to Windows Update should always get the latest versions of the feature update, including the latest LCU, without any additional steps.
|If you have already experienced this issue, you can solve it within the uninstall window by rolling back to your previous version through the guidelines here. The uninstall window might be 30 or 10 days based on the configuration of your environment and the version you’re updating to. Afterward, you will have to update to the greater version once the issue is resolved in your environment. Remark – Within the uninstall window, you have the ability to increase the number of days y for rolling back to previous version via the DISM command / Set-OSUninstallWindow. You necessarily have to make this change before the default uninstall window has lapsed. For the detail, read on DISM operating system uninstall command-line options.|
They are trying for a resolution and will deliver updated bundles and refreshed media in the coming weeks.
How to download KB4594440 and install
First of all, ensure that you have installed the SSU KB4586864. Then follow any of the following methods –
Via Windows update
Click the – Start.
Type updates and hit Enter.
Click – Check for updates.
Restart to perform the installation.
2. Through Microsoft update catalog (manual)
Go to the KB4594440 direct download link – https://www.catalog.update.microsoft.com/Search.aspx?q=KB4594440
Download the relevant file for your computer and install it.