KB5035857: Various security improvements
Improvements
- The update affects Active Directory domains that host mobile device management (MDM) providers. They can transition from “Compatibility mode” to the strong certificate mapping “Enforcement mode.” To do this, they can allow an Active Directory Key Distribution Center (KDC) to read user security identifiers (SID) from the Subject Alternative Name (SAN). Then, the providers can populate those values. To learn more, see:
- KB5014754: Certificate-based authentication changes on Windows domain controllers
- Preview of SAN URI for Certificate Strong Mapping for KB5014754
- CVE-2022-34691, CVE-2022-26931, and CVE-2022-26923
This update addresses an issue that affects the touch keyboard. It might not show during out-of-box experience (OOBE).
- This update addresses an issue that makes the troubleshooting process fail. This occurs when you use the Get Help app.
- This update addresses an issue that affects Remote Desktop Web Authentication. You might not be able to connect to sovereign cloud endpoints.
- This update affects
HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders. Your device can now set and maintain the correct default permissions.