KLA11699
Windows Hello for Business Security update
Обновлено: 22/05/2020
Дата обнаружения
03/12/2019
Уровень угрозы
Warning
Описание

After a user sets up Windows Hello for Business (WHfB), the WHfB public key is written to the on-premises Active Directory. The WHfB keys are tied to a user and a device that has been added to Azure AD, and if the device is removed, the corresponding WHfB key is considered orphaned. However, these orphaned keys are not deleted even when the device it was created on is no longer present. Any authentication to Azure AD using such an orphaned WHfB key will be rejected. However, some of these orphaned keys could lead to the following security issue in Active Directory 2016 or 2019, in either hybrid or on-premises environments.

Пораженные продукты

Windows

Решение

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Первичный источник обнаружения
ADV190026
Связанные продукты
Microsoft Windows
Microsoft official advisories
Microsoft Security Update Guide