In the Fall of 2021, Microsoft identified a security issue present in Active Directory Domain Services (ADDS) known as CVE-2021-42287. This vulnerability may allow potential attackers to impersonate domain controllers. The issue is a security bypass vulnerability that affects the Kerberos Privilege Attribute Certificate, or PAC.

While Microsoft provided additional details regarding the issue, as well as remediation guidance, on their support website, administrators immediately discovered a subsequent issue stemming from taking corrective action: remediated servers no longer allowed macOS to bind itself to Active Directory.

- Evaluate your environment: If your organization does not require its macOS fleet to bind to Active Directory domain controllers, no further action is necessary. However, many organizations with shared devices utilize binding to AD for centralized user account management.
- Take steps to secure Active Directory: In the remediation steps above from Microsoft, set the registry key for PacRequestorEnforcement to “1” and test that macOS devices are able to communicate with the domain controller.
- File feedback with Apple: If your workflow demands that devices be bound to AD, file feedback with Apple, clearly identifying how many devices are affected, the use case and the impact to your organization.
- Plan for the future: Microsoft will begin enforcing domain controller validation on July 12, 2022. During this time, domain controllers will enter the Enforcement phase, which may cause macOS devices relying on ADDS to authenticate to be inaccessible, depending on your organization’s infrastructure. Organizations are advised to find alternative solutions for continuing business operations.