
MC555534 – Changes to Windows Server security hardening for Netlogon and Kerberos coming July 11, 2023


check before: 2023-05-29

Product:

Office 365 general

Platform:

World tenant

Status:

Change type:

Admin impact

Links:

Details:

Recent Windows updates address vulnerabilities in the Netlogon protocol when remote procedure call (RPC) signing is used instead of RPC sealing. The Netlogon RPC interface is primarily used to maintain the relationship between a device and its domain, and relationships among domain controllers (DCs) and domains. All domain-joined machine accounts are affected by these vulnerabilities. Guidance and documentation can be found at KB5021130: How to manage Netlogon protocol changes related to CVE-2022-38023.


Please note, updates released April 11, 2023 and later have brought two important changes which can affect the testing and deployment processes which were previously documented for this hardening:
Guidance around a group policy object (GPO) setting that could be used as a way to exclude individual accounts from the hardening has been removed. After investigation, we concluded this setting was not an effective workaround for scenarios involving these hardening changes. The related guidance was cleared from the KB documentation.
Certain scenarios were not being affected by the hardening changes included in a November 8th, 2022 update. These scenarios were fixed in the April 11, 2023 updates, which may cause Netlogon EventIDs 5838 and/or 5839 to start being logged after installing the April 11th, 2023 update.


To help secure your environment, install Windows updates dated April 11, 2023 or later on all devices, including DCs. As always, we recommend that devices are kept up to date with the latest versions of Windows.


Upcoming Windows updates released on and after July 11, 2023 will fully enforce RPC sealing requirements - we strongly recommend that IT administrators conduct testing by enabling hardening changes before this date. For full details on these security hardenings and how to detect issues in your environment, see KB5021130: How to manage Netlogon protocol changes related to CVE-2022-38023.
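As an added example, not taken from the Microsoft notice or KB5021130, the following PowerShell collects the Netlogon events 5838 and 5839 named above from each DC and summarizes them per DC and event ID, so clients that still fail the sealing requirement can be found before enforcement. The DC host names are placeholders, and reading these events from the System log is an assumption to confirm against the KB.

```powershell
# Added example: summarize Netlogon events 5838/5839 across domain controllers.
# Assumptions: the DC names are placeholders; the events are read from the System log.
param(
    [string[]]$DomainControllers = @('dc01.example.test', 'dc02.example.test'),  # placeholder names
    [datetime]$Since = [datetime]'2023-04-11'  # the April 11, 2023 updates began logging more scenarios
)

$filter = @{
    LogName   = 'System'
    Id        = 5838, 5839
    StartTime = $Since
}

$results = foreach ($dc in $DomainControllers) {
    try {
        # ProviderName is kept in the output so unrelated events that share an ID can be spotted
        Get-WinEvent -ComputerName $dc -FilterHashtable $filter -ErrorAction Stop |
            Select-Object @{n = 'DC'; e = { $dc }}, TimeCreated, Id, ProviderName, Message
    }
    catch {
        # Get-WinEvent raises an error when nothing matches; that is the desired outcome here
        if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') {
            Write-Verbose "$dc : no 5838/5839 events since $Since"
        }
        else {
            # An unreachable DC is a coverage gap, not a clean result
            Write-Warning "$dc : query failed: $($_.Exception.Message)"
        }
    }
}

# Per-DC, per-event-ID counts with the first and last occurrence
$results |
    Group-Object DC, Id |
    Sort-Object Count -Descending |
    Select-Object Count, Name,
        @{n = 'FirstSeen'; e = { ($_.Group | Measure-Object TimeCreated -Minimum).Minimum }},
        @{n = 'LastSeen';  e = { ($_.Group | Measure-Object TimeCreated -Maximum).Maximum }}

# Full messages, for identifying the affected machine accounts during review
$results | Sort-Object TimeCreated | Format-List DC, TimeCreated, Id, ProviderName, Message
```

A DC that only produces a warning was not checked; rerun against it before treating the environment as ready for enforcement.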


When will this happen:
The July monthly security update, planned for July 11, 2023, concludes the hardening rollout by fully enforcing the RPC sealing security requirements. Beginning with this update, there will be no ability to bypass hardening measures.

Created:
2023-05-16

updated:
2023-06-04



changes*

Date: 2023-06-04
Property: MC prepare

old:
We strongly recommend that IT administrators conduct testing by enabling hardening changes before July 11, 2023, and monitor operations in their environments. Install Windows updates dated April 11, 2023 or later on all devices, including DCs. Please see the documentation in the Additional information section at the bottom of this entry for updated details on the testing process, and also take note of the changes taking place in the upcoming June and July phases.


Additional information:
For more information on these security hardenings and how to detect issues in your environment, see the following articles:
KB5021130: How to manage Netlogon protocol changes related to CVE-2022-38023
CVE-2022-38023
https://learn.microsoft.com/openspecs/windows_protocols/ms-nrpc/b5e7d25a-40b2-41c8-9611-98f53358af66#gt_8a7f6700-8311-45bc-af10-82e10accd331
https://learn.microsoft.com/openspecs/windows_protocols/ms-nrpc/ff8f970f-3e37-40f7-bd4b-af7336e4792f
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38023.
https://support.microsoft.com/help/5021130

new:
We strongly recommend that IT administrators conduct testing by enabling hardening changes before July 11, 2023, and monitor operations in their environments. Install Windows updates dated April 11, 2023 or later on all devices, including DCs. Please see the documentation in the Additional information section at the bottom of this entry for updated details on the testing process, and also take note of the changes taking place in the upcoming June and July phases.


Additional information:
For more information on these security hardenings and how to detect issues in your environment, see the following articles:
KB5021130: How to manage Netlogon protocol changes related to CVE-2022-38023
CVE-2022-38023
https://learn.microsoft.com/openspecs/windows_protocols/ms-nrpc/b5e7d25a-40b2-41c8-9611-98f53358af66#gt_8a7f6700-8311-45bc-af10-82e10accd331
https://learn.microsoft.com/openspecs/windows_protocols/ms-nrpc/ff8f970f-3e37-40f7-bd4b-af7336e4792f
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38023
https://support.microsoft.com/help/5021130

*starting April 2022

Last updated 10 months ago
