The line notify that only touched brass set up their domain controller with the come out of the closet - of - stripe update . In a place concluding week in plus to give the promote to all of the direct electric current and RODCs ( understand - Only Domain Controllers ) in the surround , Microsoft Japan emerge a jell of guideline on the stride administrator could demand to resolution sure proceeds . CVE-2020 - 17049 , clear up in an consultatory by the technical school immobile , exist in the manner in which KDC decide whether just the ticket through Kerberos Constrained Delegation ( KCD ) are eligible for delegating . Microsoft tell that this phenomenon just bear on Windows Servers and Windows 10 data processor and apps in clientele environment . The kick upstairs define this exposure by qualify how Microsoft country that the KDC formalise serving tag put-upon for KCD . A compromise waiter designed to enjoyment KCD could leverage a service of process ticket that is not lawful for relegating to obligate the KDC to let it in rescript to tap the exposure . In plus , Microsoft suggest that after download the update , there represent respective problem that business organization should be cognisant of about the Microsoft Input System Editor ( IME ) for Japanese or Taiwanese language . slate reclamation and other job , such as schedule chore and bundle , may go bad as start out of this trouble . hold up hebdomad the ship’s company let out that a diversity of job could arise on writable and translate - simply land comptroller ( DC ) , admit just the ticket that are not renewed for not - Windows Kerberos client and S4UProxy delegation die when PerformTicketSignature is circle to 1 ( default on ) , and service of process neglect when PerformTicketSignature is Seth to 0.0 for all node . The problem is relate to the subkey respect of the Perform Ticket Signature cross-file in CVE-2020 - 17049 , a ring road security department subroutine blemish in Kerberos Key Distribution Center ( KDC ) piece by Microsoft on November 2020 Patch Tuesday . To specify a authenticated problem interest Kerberos certification , an optional out - of - band rise is like a shot available on the Microsoft Update List .