Microsoft
MicrosoftHello, I have a domain made up of two Windows Server 2022, due to some problem the security update KB5019081 was not installed, the out-of-band update KB5021249 and the December 13 update KB5022291 were not installed either.
My big question is whether these updates that are starting the correction of Kerberos authentication and that culminate in October 2023 are cumulative with each other. That is, if my DCs do not have the November and December updates, but if they have had all the 2023 updates, I am on the right track to successfully reach the October 23 update. Or I am in a false belief. There is talk of an addition of PAC certificates and the creation of several registry keys, automatically that I cannot locate. The attempt to install the mentioned patches is impossible, since the system build is more current and it fails to install the .msu Is there any alternative way or I will have to re-migrate my DCs to correctly implement the security update sequence.I have also tried to install a Test domain, which I have installed the KB5019081 patch, I have not detected that the accounted registry keys were added automatically, which has left me surprised. And therefore I think it is very necessary to know if the security patches (KB5026370 May 9, 23) really solve the problem that already started on November 22.
Thank you
