In the fall of 2021, Microsoft identified a security issue present in Active Directory Domain Services (ADDS), known as CVE-2021-42287. This vulnerability may allow potential attackers to impersonate domain controllers. The issue is a security bypass vulnerability that affects the Kerberos Privilege Attribute Certificate, or PAC. While Microsoft provided additional details regarding the issue, as well as remediation guidance on their support website, administrators immediately discovered a subsequent issue stemming from taking corrective action: remediated servers no longer allowed macOS devices to bind to Active Directory. Microsoft updated the information on CVE-2021-42287 on March 22, 2022, with details of a new error when binding third-party devices to Active Directory: “After installing Windows updates released November 9, 2021, or later on domain controllers (DCs), some customers might see the new audit Event ID 37 logged after certain password setting or change operations such as … Change the password for third-party, domain-joined devices.” While this did not specifically call out macOS devices, Apple administrators on Jamf Nation found that the patch, when fully enforced, would break binding to Active Directory.

To encourage testing of the patch in customer environments, Microsoft created a registry key (similar to Apple's use of a preference key) to set levels of logging when enabling the patch. By default, this registry key was not present, requiring an administrator to purposefully add the key to test the software. Level 1 was logging only; level 2 enabled the patch fully. When level 2 enforcement was enabled, binding macOS devices broke. Originally, Microsoft was to enforce this patch on July 12, 2022, enabling it on all servers.
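The practical check an administrator wants before moving from log-only to full enforcement is an inventory of the accounts already producing Event ID 37 on the domain controllers, since each one is a device (macOS bound machines included) whose password operations will fail at level 2. The following PowerShell is an added example, not code from the original post; it assumes the event is written to the System log by the provider Microsoft-Windows-Kerberos-Key-Distribution-Center, that the enforcement level is the DWORD PacRequestorEnforcement under HKLM:\SYSTEM\CurrentControlSet\Services\Kdc (taken from Microsoft's published guidance, not named on this page), and that the event text carries the principal after "Client:".

```powershell
# Added example: run in an elevated session on a domain controller.
# Assumptions (not stated on the page): System log + KDC provider for Event 37,
# PacRequestorEnforcement DWORD for the level, "Client:" field for the account.
param([int]$Days = 30)

$kdcKey    = 'HKLM:\SYSTEM\CurrentControlSet\Services\Kdc'
$valueName = 'PacRequestorEnforcement'

# 1. Report the current enforcement level. An absent value means the KDC
#    default applies, which during the deployment phase is log-only (level 1).
$level = (Get-ItemProperty -Path $kdcKey -Name $valueName `
            -ErrorAction SilentlyContinue).$valueName
if ($null -eq $level) {
    Write-Output "$valueName not set: KDC default (level 1, log only) applies."
} else {
    Write-Output "$valueName = $level  (1 = log only, 2 = full enforcement)"
}

# 2. Collect Event ID 37 entries from the last $Days days. Every entry names
#    an account whose password set/change would be rejected under level 2.
$filter = @{
    LogName      = 'System'
    ProviderName = 'Microsoft-Windows-Kerberos-Key-Distribution-Center'
    Id           = 37
    StartTime    = (Get-Date).AddDays(-$Days)
}
$events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue

if (-not $events) {
    Write-Output "No Event ID 37 in the last $Days days on this DC."
    return
}

# 3. Group by account. Computer accounts end in '$'; a bound Mac appears as
#    an ordinary computer account, so these are the binds enforcement breaks.
$events |
    ForEach-Object {
        # Assumption: the message contains "Client: DOMAIN\account"; fall back
        # to a marker so unparsed events are still counted rather than dropped.
        if ($_.Message -match 'Client:\s*(\S+)') { $Matches[1] } else { '<unparsed>' }
    } |
    Group-Object |
    Sort-Object Count -Descending |
    Select-Object @{ n = 'Account'; e = { $_.Name } }, Count |
    Format-Table -AutoSize
```

Run it against each DC (or forward the System logs centrally) before setting level 2; an empty result is the signal that enforcement will not break existing binds.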