check before: 2023-07-25
Product:
Office 365 general, Windows, Windows Server
Platform:
World tenant, Online, Windows Desktop
Change type:
Admin impact
Details:
The November 8, 2022 and later Windows updates are crucial in addressing two important security vulnerabilities, both impacting Windows Server domain controllers (DC):
Weaknesses in the Netlogon protocol when RPC signing is used instead of RPC sealing. Find more information in CVE-2022-38023.
Kerberos security bypass and elevation of privilege vulnerabilities involving alteration of Privilege Attribute Certificate (PAC) signatures. Find more information in CVE-2022-37967.
All domain-joined machine accounts are affected by these vulnerabilities. Review the KB entries below to understand the options available for configuring these changing security requirements in your environment, and to monitor for warnings and issues.
KB5021130: How to manage the Netlogon protocol changes related to CVE-2022-38023
KB5020805: How to manage Kerberos protocol changes related to CVE-2022-37967
When will this happen:
As previously announced, the following changes are coming into effect with Windows updates released on and after July 11, 2023:
Netlogon protocol changes:
July 11, 2023: Enforcement of RPC sealing for the Netlogon protocol will be enabled on all domain controllers. Vulnerable connections from non-compliant devices will be blocked. Enforcement of RPC sealing cannot be removed.
Kerberos protocol changes:
July 11, 2023: Domain controllers will have signatures added to the Kerberos PAC Buffer. The ability to disable PAC signature addition will no longer be available, and signature verification cannot be prevented. Connections with missing or invalid signatures will continue to be allowed with an "Audit mode" setting. However, they will be denied authentication beginning October 2023.
Created:
2023-07-12
updated:
2023-07-12