Hello everyone, just wanted to ensure you’ve seen that there are upcoming Microsoft changes to Active Directory, Kerberos, and LDAP that may affect your environments.
- KB5008383—Active Directory permissions updates (CVE-2021-42291)
  - Enforcement Mode expected to be enabled by default in April 2023 updates.
- KB5020805: How to manage Kerberos protocol changes related to CVE-2022-37967
  - Enforcement Mode expected to be enabled by default in July 2023 updates.
- KB5021131: How to manage the Kerberos protocol changes related to CVE-2022-37966
  - I don’t see an enforcement date for this one, but there are a couple of extended warnings. From the MS article, any Windows 2008 R2 or earlier systems may not be accessed from modern Windows systems, unless the 2008 R2 or earlier systems have ESU support and install the related ESU updates dated November 8, 2022 or later.
- In another forum, I’m seeing references that Citrix and VMware provisioning services may be impacted. Ref: https://support.citrix.com/article/CTX318084/required-permissions-for-citrix-machine-creation-services-and-auditing-information and https://support.citrix.com/article/CTX335812/adding-new-machines-to-mcs-catalog-fails-when-using-a-nondomain-admin-account