2nd version of ConfigMgr security fix

bhuney · bhuney · commit 81dc4eee72f3 · 2022-09-28T14:47:32.000-04:00
diff --git a/memdocs/configmgr/hotfix/2207/15498768.md b/memdocs/configmgr/hotfix/2207/15498768.md
@@ -16,6 +16,12 @@ manager: dougeby
 *Applies to: Configuration Manager (current branch, versions 2103, 2107, 2111, 2203, 2207)*
 
 ## Summary of KB15498768
+
+> [!IMPORTANT]
+> This update is superseded by the following:
+>
+> [KB 15599094 NTLM client installation update for Microsoft Endpoint Configuration Manager](../../hotfix/2207/15599094.md)
+<!-- 15599094 -->
 Disabling the **Allow connection fallback to NTLM** option in *Client Push Installation Properties* is not honored under either of the following conditions:
 - If there are Kerberos authentication failures the client push account will attempt an NTLM connection instead.
 - The site server computer account will attempt a connection using NTLM if Kerberos authentication fails for all defined client push installation accounts.
@@ -72,6 +78,7 @@ File information is available in the following version-specific file lists (KB15
 
 ## Release history
 - September 20, 2022: Initial hotfix release
+- October 3, 2022: Added supersedence information for KB 15599094
 
 ## References
 [Updates and servicing for Configuration Manager](../../core/servers/manage/updates.md)
diff --git a/memdocs/configmgr/hotfix/2207/15599094.md b/memdocs/configmgr/hotfix/2207/15599094.md
@@ -0,0 +1,62 @@
+---
+title: NTLM connection fallback update for Microsoft Endpoint Configuration Manager
+titleSuffix: Configuration Manager
+description: NTLM connection fallback update for Configuration Manager
+ms.date: 10/03/2022
+ms.prod: configuration-manager
+ms.technology: configmgr-core
+ms.topic: reference
+ms.assetid: 51ca8528-3d14-4c01-85c2-941edafb58f3
+author: bhuney
+ms.author: brianhun
+manager: dougeby
+---
+# NTLM client installation update for Microsoft Endpoint Configuration Manager
+
+*Applies to: Configuration Manager (current branch, versions 2103, 2107, 2111, 2203, 2207)*
+
+## Summary of KB15599094
+
+The client push installation account always attempts an NTLM connection to a client to retrieve WMI query results during the installation process.
+This happens even if the **Allow connection fallback to NTLM** option is disabled in *Client Push Installation Properties*. 
+ 
+## Update information for Microsoft Endpoint Configuration Manager, versions 2103-2207
+An update to resolve this issue is available in the **Updates and Servicing** node of the Configuration Manager console for environments that have versions 2103-2207 installed. 
+
+#### Update replacement information
+This update replaces the following previously released update.
+
+[KB 15498768 NTLM connection fallback update for Microsoft Endpoint Configuration Manager](../../hotfix/2207/15498768.md)
+
+#### Restart information
+For Configuration Manager versions 2107 and later, this update doesn't require a computer restart or a [site reset](../../core/servers/manage/modify-your-infrastructure.md#bkmk_reset) after installation.
+
+Configuration Manager version 2103 will require a site reset after update installation.
+
+### Additional installation information
+After you install this update on a primary site, pre-existing secondary sites must be manually updated. To update a secondary site in the Configuration Manager console, select **Administration** > **Site Configuration** > **Sites** >  **Recover Secondary Site**, and then select the secondary site. The primary site then reinstalls that secondary site by using the updated files. Configurations and settings for the secondary site aren't affected by this reinstallation. The new, upgraded, and reinstalled secondary sites under that primary site automatically receive this update.
+
+Run the following SQL Server command on the site database to check whether the update version of a secondary site matches that of its parent primary site:
+   ```sql
+   select dbo.fnGetSecondarySiteCMUpdateStatus ('SiteCode_of_secondary_site')
+   ```
+If the value 1 is returned, the site is up to date, with all the hotfixes applied on its parent primary site.
+
+If the value 0 is returned, the site has not installed all the fixes that are applied to the primary site, and you should use the **Recover Secondary Site** option to update the secondary site.
+
+## Version information
+No major components are updated with this release.
+
+## File information
+File information is available in the following version-specific file lists (KB15599094_FileList.txt):
+- [Configuration Manager 2103](https://aka.ms/KB15599094_2103_FileList)
+- [Configuration Manager 2107](https://aka.ms/KB15599094_2107_FileList)
+- [Configuration Manager 2111](https://aka.ms/KB15599094_2111_FileList)
+- [Configuration Manager 2203](https://aka.ms/KB15599094_2203_FileList)
+- [Configuration Manager 2207](https://aka.ms/KB15599094_2207_FileList)
+
+## Release history
+- October 3, 2022: Initial hotfix release
+
+## References
+[Updates and servicing for Configuration Manager](../../core/servers/manage/updates.md)
diff --git a/memdocs/configmgr/hotfix/TOC.yml b/memdocs/configmgr/hotfix/TOC.yml
@@ -11,6 +11,8 @@ items:
     href: 2207/14978429.md
   - name: KB 15498768 NTLM connection fallback update
     href: 2207/15498768.md
+  - name: KB 15599094 NTLM client installation update
+    href: 2207/15599094.md
 - name: Version 2203
   items:
   - name: KB 13174460 Summary of changes in 2203
@@ -21,8 +23,8 @@ items:
     href: 2203/14480034.md
   - name: KB 14244456 Update rollup for Microsoft Endpoint Configuration Manager version 2203
     href: 2203/14244456.md
-  - name: KB 15498768 NTLM connection fallback update
-    href: 2207/15498768.md
+  - name: KB 15599094 NTLM client installation update
+    href: 2207/15599094.md
 - name: Version 2111
   items:
   - name: KB 10096997 Summary of changes in 2111
@@ -35,8 +37,8 @@ items:
     href: 2111/12819689.md
   - name: KB 12896009 Update rollup for Microsoft Endpoint Configuration Manager version 2111
     href: 2111/12896009.md
-  - name: KB 15498768 NTLM connection fallback update
-    href: 2207/15498768.md
+  - name: KB 15599094 NTLM client installation update
+    href: 2207/15599094.md
 - name: Version 2107
   items:
   - name: KB 10096997 Summary of changes in 2107
@@ -47,8 +49,8 @@ items:
     href: 2107/11121541.md
   - name: KB 12636660 Network access account update
     href: 2107/12636660.md
-  - name: KB 15498768 NTLM connection fallback update
-    href: 2207/15498768.md
+  - name: KB 15599094 NTLM client installation update
+    href: 2207/15599094.md
 - name: Version 2103
   items:
   - name: KB 9210721 Summary of changes in 2103
@@ -67,8 +69,8 @@ items:
     href: 2103/10589155.md
   - name: KB 10582136 Tenant attach update
     href: 2103/10582136.md
-  - name: KB 15498768 NTLM connection fallback update
-    href: 2207/15498768.md
+  - name: KB 15599094 NTLM client installation update
+    href: 2207/15599094.md
 - name: Version 2010
   items:
   - name: KB 4599442 Summary of changes in 2010
diff --git a/memdocs/configmgr/hotfix/index.yml b/memdocs/configmgr/hotfix/index.yml
@@ -25,8 +25,8 @@ landingContent:
             url: 2207/14840616.md
           - text: KB 14959905 Early update ring
             url: 2207/14959905.md
-          - text: KB 15498768 NTLM connection fallback update
-            url: 2207/15498768.md
+          - text: KB 15599094 NTLM client installation update
+            url: 2207/15599094.md
 
   - title: Configuration Manager 2203
     linkLists:
