Overview
KB5035857, released on March 12, 2024, is a security update for Windows Server 2022 (OS Build 20348.2340). This update introduces several quality improvements and addresses various issues affecting system performance and functionality. Notably, it affects Active Directory domains that host mobile device management (MDM) providers, allowing them to transition from Compatibility mode to Enforcement mode for strong certificate mapping. This transition enables the Active Directory Key Distribution Center (KDC) to read user security identifiers (SIDs) from the Subject Alternative Name (SAN), thereby improving security and management capabilities.
In addition to the improvements, the update resolves issues related to the touch keyboard not appearing during the out-of-box experience (OOBE), failures in the troubleshooting process when using the Get Help app, and problems with Remote Desktop Web Authentication that may prevent connections to sovereign cloud endpoints. It also addresses a memory allocation issue in the Host Network Service (HNS) that leads to high memory usage, impacting service and pod deployment.
General Purpose
The primary purpose of KB5035857 is to enhance the security and functionality of Windows Server 2022. This update includes critical improvements for Active Directory domains, particularly for those utilizing mobile device management (MDM) providers. By enabling a transition to Enforcement mode for certificate mapping, it strengthens the security framework within which these domains operate. Furthermore, the update addresses several bugs that could hinder user experience, such as issues with the touch keyboard and Remote Desktop Web Authentication. It also improves memory management within the Host Network Service, which is crucial for maintaining optimal performance in service deployments.
General Sentiment
The general sentiment surrounding KB5035857 appears to be mixed. While many users appreciate the enhancements to security and functionality, there are notable concerns regarding the known issues associated with the update. Specifically, the memory leak in the Local Security Authority Subsystem Service (LSASS) on domain controllers has raised alarms, as it can lead to system crashes and unscheduled reboots. This has led to a cautious approach among IT professionals, with some recommending the installation of the subsequent KB5037422 to mitigate these risks. Overall, while the update brings valuable improvements, the presence of significant known issues tempers the enthusiasm.
Known Issues
- Following installation, the Local Security Authority Subsystem Service (LSASS) may experience a memory leak on domain controllers (DCs), particularly affecting Kerberos authentication requests.
- Extreme memory leaks can cause LSASS to crash, resulting in unscheduled reboots of domain controllers.
- This issue is addressed in the subsequent update KB5037422.
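An added example (not from Microsoft or the original page) that triages a single host for the LSASS leak described above: it reports whether the machine is a domain controller sitting on the build KB5035857 installs without KB5037422, and how much private memory LSASS currently holds. The function name, the 2 GB threshold, and the assumption that any later build carries the fix are mine.

```powershell
# Added example: triage a host for the LSASS leak listed under Known Issues.
# KB IDs and the build number come from this page; the function name and the
# memory threshold are assumptions.
function Test-Kb5035857LsassExposure {
    [CmdletBinding()]
    param(
        # Assumed alert threshold for LSASS private memory; tune to your baseline.
        [double]$LsassWarnGB = 2
    )

    $os  = Get-CimInstance -ClassName Win32_OperatingSystem
    $cv  = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $kbs = @(Get-HotFix -ErrorAction SilentlyContinue |
             Select-Object -ExpandProperty HotFixID)

    # ProductType 2 = domain controller; the leak is reported on DCs.
    $isDC = $os.ProductType -eq 2

    # 20348.2340 is the build KB5035857 installs. A higher revision means a
    # later cumulative update is present (assumption: it carries the fix).
    $onLeakBuild = ($cv.CurrentBuildNumber -eq '20348') -and ([int]$cv.UBR -eq 2340)

    $lsass   = Get-Process -Name lsass -ErrorAction SilentlyContinue
    $lsassGB = if ($lsass) { [math]::Round($lsass.PrivateMemorySize64 / 1GB, 2) } else { $null }

    [pscustomobject]@{
        ComputerName   = $env:COMPUTERNAME
        IsDomainCtrl   = $isDC
        Build          = '{0}.{1}' -f $cv.CurrentBuildNumber, $cv.UBR
        HasKB5035857   = $kbs -contains 'KB5035857'
        HasKB5037422   = $kbs -contains 'KB5037422'
        LsassPrivateGB = $lsassGB
        # Exposed: DC on the affected build with no record of the follow-up KB.
        Exposed        = $isDC -and $onLeakBuild -and ($kbs -notcontains 'KB5037422')
        LsassHigh      = ($null -ne $lsassGB) -and ($lsassGB -ge $LsassWarnGB)
    }
}

Test-Kb5035857LsassExposure | Format-List
```

A single reading of LSASS memory does not show a leak; sample `LsassPrivateGB` over time on any host where `Exposed` is true and compare against that DC's normal baseline.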
Generated on 2024-12-22 03:14 AM