MC674685 – Reminder: Security hardening changes for Netlogon and Kerberos effective October 10, 2023 (archived)

cloudscout.one Icon

check before: 2023-10-10

Product:

Office 365 general, Windows Server

Platform:

World tenant, Online, Windows Desktop

Status:

Change type:

Admin impact

Links:

Details:

Windows updates released November 8, 2022 and later include changes that address security vulnerabilities affecting Windows Server domain controllers (DC). Among the addressed vulnerabilities is a Kerberos security bypass and elevation of privilege scenario involving alteration of Privilege Attribute Certificate (PAC) signatures. Changes to address this issue have been released following a series of phases throughout 2023, and are reaching the final stage of enforcement in October.


All domain-joined, machine accounts are affected by these vulnerabilities. For details on configuring these security requirements in your environment see KB5020805: How to manage Kerberos protocol changes related to CVE-2022-37967.


When will this happen:
As previously announced, Windows updates released on and after this October 10, 2023 will have the following effect:


Remove the ability to disable PAC signature addition (previously done via the registry subkey KrbtgtFullPacSignature)
Remove support for Audit mode (this enabled authentication whether PAC signatures were missing or invalid, and created audit logs for review).
Deny authentication to incoming service tickets without the new PAC signatures.

Change Category:
XXXXXXX ... free basic plan only

Scope:
XXXXXXX ... free basic plan only

Release Phase:

Created:
2023-09-12

updated:
2023-09-12

Task Type

XXXXXXX ... free basic plan only

Docu to Check

XXXXXXX ... free basic plan only

MS How does it affect me

XXXXXXX ... free basic plan only

MS Preperations

XXXXXXX ... free basic plan only

MS Urgency

XXXXXXX ... free basic plan only

MS workload name

XXXXXXX ... free basic plan only

** AI generated content. This information must be reviewed before use.

a free basic plan is required to see more details. Sign up here


Last updated 3 weeks ago

Share to MS Teams

Login to your account

Welcome Back, We Missed You!