Unsolved
7 Posts
0
1385
April 25th, 2023 13:00
MS Netlogon RPC enforcement - CVE-2022-38023
Regarding the upcoming Netlogon RPC enforcement coming from Microsoft
According to this Dell article:
"These updates to Windows by Microsoft to address CVE-2022-38023 will have NO functional impact to PowerScale clients running any current release of OneFS as RPC Sign and Seal has been supported since OneFS 7.x.
New Event ID 5840 WILL be created with PowerScale clients running OneFS releaess 9.4.x and earlier which use RC4 by default for NTLM/Netlogon Secure Channel."
Has anyone actually configured Enforcement of the Netlogon RPC changes yet in an environment with OneFS 9.4.x and older and confirmed that these 5840 events are actually cosmetic only?
CendresMetaux
1 Rookie
•
62 Posts
0
April 28th, 2023 05:00
Well I sure hope Dell EMC did before publishing said statement
Anyhow, probably next week we'll run a manual enforcement mode (putting the enforcement registey key manually to value "2") to see what happens in our environment. Not only w.r.t. Isilon/PowerScale but as a whole. Better to do it now than pitfalling when Microsoft flips the switch coming months.
According to internal log analysis we should be ready, only Isilon and one other system generating Event ID 5840 (the supposedly "cosmetic" one). No Event IDs 5838/5839 (the "deadly" ones)...
Wish me luck! I'll report back as soon as I have reasonable intel...
CendresMetaux
1 Rookie
•
62 Posts
0
May 24th, 2023 08:00
So, two weeks after manually enabling enforcement in our environment (before Microsoft will do it in a few weeks via updates), I can savely say that all went without problems! No issues with Isilon/PowerScale (or any other system in our environment for that matter) whatsoever...