Critical Windows SMB security warning
In response to CVE-2022-38023, Microsoft is removing support for RPC Signing in the Netlogon server, instead requiring Sealing when establishing a 'secure channel'. More details can be found here: KB5021130: How to manage the Netlogon protocol changes related to CVE-2022-38023 - Microsoft Support and here: Security Update Guide - Microsoft Security Response Center
Timeline
June, 13: signing remains possible but cannot disable sealing on Windows server
July, 11: sealing is enforced, no AD authentication without sealing
Action
Update every AD member device like Windows or AD members like OmniOS or SAMBA prior July 11 !!
For an Illumos/OmniOS OS/ZFS kernelbased SMB server as an AD member the sealing feature is under final approvement
.
Newest SAMBA suppports sealing
In response to CVE-2022-38023, Microsoft is removing support for RPC Signing in the Netlogon server, instead requiring Sealing when establishing a 'secure channel'. More details can be found here: KB5021130: How to manage the Netlogon protocol changes related to CVE-2022-38023 - Microsoft Support and here: Security Update Guide - Microsoft Security Response Center
Timeline
June, 13: signing remains possible but cannot disable sealing on Windows server
July, 11: sealing is enforced, no AD authentication without sealing
Action
Update every AD member device like Windows or AD members like OmniOS or SAMBA prior July 11 !!
For an Illumos/OmniOS OS/ZFS kernelbased SMB server as an AD member the sealing feature is under final approvement
Newest SAMBA suppports sealing