A list of updates addressed in a phased rollout (aka. enforcements) on Windows/ActiveDirectory that I am aware of. Microsoft usually chooses this approach if they know, that the final implementation of the update will likely break stuff. That's why there's always one or more inital phases
that introduce new events or audit capabilities to let you check for potential impact before the final enforcement phase
.
The first table is a list of update phases which are currently running. The second table is a list of once planned but then postponed enforcements (so they will reappear in the future I guess).
Name | CVE | Initial Phases | Enforcement Phase | Event Log | EventCodes | Link |
---|---|---|---|---|---|---|
LDAP Permission changes | CVE-2021-42291 | Phase 1: 9.11.2021 | 09.01.2024 | Directory Services | 3050,3051,3052,30533054,3055,3047,30483049,3056,3044,30453046 | https://support.microsoft.com/en-us/topic/kb5008383-active-directory-p |