Critical Technical Advisory

February 02, 2023


The November 8, 2022, and later monthly rollup Windows updates address the Netlogon and Kerberos vulnerabilities related to CVE-2022-38023, CVE-2022-37966 and CVE-2022-37967.

As your trusted data center and networking optimization firm, Park Place Technologies is making you aware of certain security advisories and vulnerabilities so that your organization can take the proper action necessary to prevent possible data unavailability (“DU”). Original Equipment Manufacturers (“OEMs”) and software vendors require customers to work directly with them on any patches or code updates, including those mentioned in this advisory. OEMs do not authorize third parties to distribute their patches or updates, including those mentioned in this advisory.

Summary

Starting with the November 8, 2022, Monthly Rollup patches for Windows & Windows Server, Microsoft modified how Windows leverages Active Directory authentication encryption types. While Park Place follows Microsoft’s recommendation to keep your Windows infrastructure up to date with the latest patch offerings from Microsoft, certain legacy appliances or applications will not work with the changes made by these patches. The effect of this change is that these same appliances and applications will not be able to authenticate any new session requests, which may trigger a DU scenario in certain use cases. The most noticeable impact is with appliances that host CIFS/SMB shares and authenticate users with an Active Directory provider.

Park Place customers have reported experiencing DU scenarios due to the installation of these patches in their Windows Server environment. Affected products span several OEMs and product lines. Affected products that provide CIFS file shares may include, BUT ARE NOT LIMITED TO:

  • EMC Isilon/PowerScale
  • EMC VNX/VNXe
  • EMC Unity
  • EMC Data Domain
  • NetApp

NOTE: This list only includes products that Park Place’s Solutions Support team has observed as affected by this vulnerability and is therefore subject to change. This should not be considered a comprehensive list of affected products. Customers should validate with the OEMs if their products are affected; OEMs will always be the authority on the capabilities and operation of their products.

Enforcement Phases

For details on specific enforcement dates please go to the Microsoft website and search for:

  • CVE-2022-38023
  • CVE-2022-37966
  • CVE-2022-37967

What Does My Organization Need to Do?

You can confirm if your product is affected by attempting to authenticate a new session. Affected products will fail authentication when connecting using the configured Fully Qualified Domain Name (“FQDN”) and will pass authentication when connecting using the configured IP address instead. Reconfiguring clients to connect to CIFS shares via IP address on affected products, instead of FQDN, may be a suitable workaround for your organization.
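One way to run this FQDN-versus-IP check against several appliances from a domain-joined Windows client, as an added example (not a script from Park Place, Microsoft or any OEM). The host names, IP addresses and share names are constructed placeholders, and the script assumes the SmbShare module's New-SmbMapping, Remove-SmbMapping and Get-SmbConnection cmdlets are available.

```powershell
# Added example: compare a new SMB session by FQDN with one by IP address.
# Targets are constructed placeholders; replace them with your own appliances.
$targets = @(
    [pscustomobject]@{ Fqdn = 'filer01.corp.example'; Ip = '192.0.2.10'; Share = 'share1' }
    [pscustomobject]@{ Fqdn = 'filer02.corp.example'; Ip = '192.0.2.11'; Share = 'share1' }
)

function Test-NewSmbSession {
    param([Parameter(Mandatory)][string]$Server,
          [Parameter(Mandatory)][string]$Share)

    # An existing connection would be reused and hide the failure, so skip it.
    if (Get-SmbConnection -ServerName $Server -ErrorAction SilentlyContinue) {
        return 'Skipped (existing connection)'
    }
    $path = "\\$Server\$Share"
    try {
        # A deviceless mapping needs a new session setup when none exists,
        # using the logged-on user's domain credentials.
        $null = New-SmbMapping -RemotePath $path -ErrorAction Stop
        Remove-SmbMapping -RemotePath $path -Force -ErrorAction SilentlyContinue
        return 'Pass'
    } catch {
        return "Fail: $($_.Exception.Message)"
    }
}

$results = foreach ($t in $targets) {
    $byName = Test-NewSmbSession -Server $t.Fqdn -Share $t.Share
    $byIp   = Test-NewSmbSession -Server $t.Ip   -Share $t.Share

    # Only "FQDN fails, IP passes" matches the symptom described in this advisory.
    $verdict = if ($byName -like 'Fail*' -and $byIp -eq 'Pass') {
        'Matches advisory symptom: confirm with the OEM'
    } elseif ($byName -eq 'Pass') {
        'Not reproduced from this client'
    } else {
        'Inconclusive: check network, share name and permissions'
    }
    [pscustomobject]@{ Fqdn = $t.Fqdn; ByFqdn = $byName; ByIp = $byIp; Verdict = $verdict }
}
$results | Format-Table -AutoSize -Wrap
```

A "Skipped" result means the client already had a connection to that name or address; close it or run the check from another client so that a new session is actually attempted.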

Park Place recommends you consult your product’s OEM for guidance on how to work in conjunction with the changes made by these Windows Updates. In certain cases, a major software/code update to the product may be required to allow any encryption protocols required by the Updates.

For any further guidance on best practices and workarounds for these changes to Windows & Windows Server and Active Directory authentication, particularly if a suitable update to your affected product is not available, please contact Microsoft and/or the OEM for additional guidance.

Thank you for your continued business and thank you for choosing Park Place Technologies.

Regards,
The Solutions Support Team
Park Place Technologies

Addendum

NETAPP ONTAP GUIDANCE:

NetApp is planning to release fixes for this vulnerability for their systems via ONTAP releases. Please note that NetApp is not planning on releasing an update for all ONTAP versions. Some NetApp systems will not be compatible with these newer ONTAP releases, so we recommend that you check NetApp’s website for the most current updates on your system’s compatibility with the maximum supported ONTAP versions to address CVE-2022-38023.

If you require help to install the needed ONTAP versions in your environment, then Park Place Technologies Professional Services team may be able to provide assistance. Please reach out to your account manager to get more details to engage Professional Services or go to: Data Center Professional Services – Park Place Technologies.

Last Update: Feb 2, 2023

About the Author

Rob McCabe, VP Advanced Engineering/Research & Development