Microsoft Security Advisory ADV190023 LDAP

Name
Microsoft Security Advisory ADV190023 LDAP
Tracking Number
NA
First Publish Date
24 Feb 2020
Date of Current Status
26 Mar 2020
Next Planned Update
N/A
Description
LDAP channel binding and LDAP signing provide ways to increase the security of network communications between an Active Directory Domain Services (AD DS) or an Active Directory Lightweight Directory Services (AD LDS) and its clients. There is a vulnerability in the default configuration for Lightweight Directory Access Protocol (LDAP) channel binding and LDAP signing and may expose Active directory domain controllers to elevation of privilege vulnerabilities. Microsoft Security Advisory ADV190023 address the issue by recommending the administrators enable LDAP channel binding and LDAP signing on Active Directory Domain Controllers. This hardening must be done manually until the release of the security update that will enable these settings by default.
What You Need To Know?
Microsoft intends to release a security update on Windows Update to enable LDAP channel binding and LDAP signing hardening changes and anticipate this update will be available in March 2020. Please visit: https://support.microsoft.com/en-us/help/4520412/2020-ldap-channel-binding-and-ldap-signing-requirement-for-windows
What is Xerox Doing About This?
Xerox is working closely with development teams currently assessing possible impacts of the Microsoft security update.
Impact
No Xerox products have been identified as being impacted.
What Should You Do?
Microsoft strongly advise administrators to enable LDAP channel binding and LDAP signing between now and March 2020 to find and fix any operating systems, applications or intermediate device compatibility issues in their environment. If any compatibility issue is found, administrators will need to contact the manufacturer of that particular OS, application or device for support.
NOTE: Any OS version, application and intermediate device that performs a man-in-the-middle inspection of LDAP traffic are most likely to be impacted by this hardening change.