Microsoft has shared a timeline for hardening DCOM, Kerberos, Netlogon, Azure by 2024.

[ad_1]

Sian Sen

Newvin
ยท

Apr 29, 2023 02:20 EDT

A blue Band-Aid with the Windows logo on it

Microsoft has been making drastic changes to several protocols over the past few years. These are deployed to address recently discovered security threats. Earlier this year in February, Microsoft made DCOM stricter. Later in March, the tech giant shared additional resources for the facility. Soon after, the company reminded IT admins and system admins about the third phase of Kerberos hardening.

To remind IT administrators about upcoming changes, the tech giant usually publishes updates in its support articles. Today, the company shared a helpful roadmap that outlines all the upcoming hardness changes through 2024. They also link to the corresponding Knowledge Base (KB) support articles where users can learn more about the changes.

Change in hardness by month

Consult month-by-month details of all upcoming rigor changes to help you plan for each phase and final implementation.

April 2023

  • Changes to the Netlogon protocol KB5021130 | Phase 2
    initial implementation; Removes the ability to disable RPC sealing by setting the value 0 to the RequireSeal registry key.
  • Certificate-based authentication KB5014754 | Phase 2
    Removes passive mode.

June 2023

  • Changes to the Netlogon protocol KB5021130 | Phase 3
    Default implementation. The RequireSeal subkey will be moved to enforcement mode unless you explicitly configure it under compatibility mode.
  • Kerberos PAC signature KB5020805 | Phase 3
    Removes the ability to disable PAC signature addition by setting the KrbtgtFullPacSignature subkey to a value of 0.

July 2023

  • Changes to the Netlogon protocol KB5021130 | Phase 4
    Final implementation. The RequireSeal subkey will be moved to enforcement mode unless you explicitly configure it under compatibility mode.
  • Kerberos PAC signature KB5020805 | Phase 4
    Enforcement mode by default (KrbtgtFullPacSignature = 3), which you can override with an explicit audit setting.

October 2023

  • Kerberos PAC signature KB5020805 | Phase 5
    Final, full implementation.

November 2023

  • Certificate-based authentication KB5014754 | Phase 3
    Final, full implementation.

January 2024

  • Active Directory (AD) permissions issue KB5008383 | Phase 5
    Final implementation.

This blog post was written by Namrata Bachwani, Principal Program Manager Lead at Microsoft. You can find it. Here.

Report a problem with the article.

Microsoft logo in front of Russian flag
Previous article

Microsoft has decided to continue working with Russian private companies under sanctions.



[ad_2]

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *

x