Everything posted by Alex Montague
New information has come to light: apparently, the March 2020 update will NOT change the default settings for LDAP connections, but another monthly security update will later this year. https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/ldap-channel-binding-and-ldap-signing-requirements-march-update/ba-p/921536 ***NEW NOTE*** ADV190023 | Microsoft Guidance for Enabling LDAP Channel Binding and LDAP Signing: https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV190023 Windows Updates in March 2020 add new audit events, additional logging, and a remapping of Group Policy values that will enable hardening LDAP Channel Binding and LDAP Signing. The March 2020 updates do not make changes to LDAP signing or channel binding policies or their registry equivalent on new or existing domain controllers. A further future monthly update, anticipated for release the second half of calendar year 2020, will enable LDAP signing and channel binding on domain controllers configured with default values for those settings. Administrators can prevent the feature update from making those change either by enabling LDAP signing and channel binding NOW or by configuring non-default values prior to installing updates that enable LDAP signing and channel binding by default.
Thanks for this. Raised the flag 2-3 months back when ADV190023 first came out. I was wondering how could we go about investigating which appliances/systems would break after this update goes through, and the default settings gets changed. Looks like I'll be working on it right away.
Hola! I'm Alex, and I currently work as a Security Administrator for a company in Québec, Canada (though we have stores in other Canadian provinces). I've had my current position since December 2017, so I'm still pretty new to this. I got my GCIH at the beginning of the year too. I used to be an active MRT on UNITE Forums (BleepingComputer, Malwarebytes, GeeksToGo, etc.) but I'm currently on hiatus due to lack of free time. I like anything and everything InfoSec, with a focus on Blue Team stuff: AV, EDR, VS, SIEM, PAM, DFIR, etc. but I'm eternally conflicted by the desir to move over to the Red Team. On Twitter, I'm @SecurityAura, my DMs are always open if you want to chat or have a question (I'll try to assist you to the best of my abilities). Pleased to be here!