MC465515 – May 2023 enforcement coming for servers running Active Directory Certificate Services and Windows domain controllers


check before: 2023-05-09

Product:

Office 365 general

Platform:

World tenant

Status:

Change type:

Admin impact

Links:

Details:

Starting on May 10, 2022, Windows security updates have addressed CVE-2022-34691, CVE-2022-26931, and CVE-2022-26923 following a timeline that includes a Compatibility mode, a Full Enforcement mode, and a Disable mode. By May 9, 2023, all servers that run Active Directory Certificate Services and Windows domain controllers will be updated to Full Enforcement mode. These CVEs address an elevation of privilege vulnerability that can occur when the Kerberos Distribution Center (KDC) is servicing a certificate-based authentication request.


Before the May 10, 2022, security update, certificate-based authentication would not account for a dollar sign ($) at the end of a machine name. This allowed related certificates to be emulated (spoofed) in various ways. See KB5014754 for detailed information.
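
As an added example (not part of the Microsoft notice or of KB5014754), the Python code below audits an exported account list for names that become indistinguishable once a trailing `$` is ignored, which is the ambiguity described above. The account names and the `weak_key` comparison rule are constructed assumptions that model the pre-update matching in simplified form.

```python
from collections import defaultdict

# Constructed sample of a directory export: (sAMAccountName, object class).
# These names are invented for the example; they do not come from the notice.
SAMPLE_ACCOUNTS = [
    ("DC01$", "computer"),
    ("dc01", "user"),
    ("WEB07$", "computer"),
    ("alice", "user"),
    ("FILESRV$", "computer"),
    ("FileSrv", "user"),
    ("svc$backup", "user"),  # '$' in the middle is not a trailing '$'
]


def weak_key(name: str) -> str:
    """Assumed model of matching that ignores one trailing '$' and letter case."""
    name = name.strip()
    if name.endswith("$"):
        name = name[:-1]
    return name.casefold()


def find_ambiguous_names(accounts):
    """Return {weak_key: [(name, kind), ...]} for keys shared by 2+ distinct names."""
    groups = defaultdict(list)
    for name, kind in accounts:
        groups[weak_key(name)].append((name, kind))
    return {
        key: sorted(members)
        for key, members in groups.items()
        # The same name listed twice is a duplicate row, not an ambiguity.
        if len({n.casefold() for n, _ in members}) > 1
    }


def report(accounts):
    """Build one readable line per ambiguous group, sorted by key."""
    lines = []
    for key, members in sorted(find_ambiguous_names(accounts).items()):
        listed = ", ".join(f"{n} ({k})" for n, k in members)
        lines.append(f"{key}: {listed}")
    return lines


if __name__ == "__main__":
    for line in report(SAMPLE_ACCOUNTS):
        print(line)
```

Any group it reports is a pair of accounts worth reviewing before Full Enforcement mode, since a certificate issued for one name could have been matched to the other under the old behaviour.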


When will this happen:
We will update all devices to Full Enforcement mode by May 9, 2023.

Change Category:
XXXXXXX ...

Scope:
XXXXXXX ...

Release Phase:

Created:
2022-11-10

updated:
2022-11-10
