https://community.checkpoint.com/t5/General-Topics/Microsoft-Kerberos-amp-NetLogon-Changes-November-8-2022/m-p/177101#M29479 <P>Are there any news regarding this issue ? How about SSO authentication via Kerberos with Identity Agent on windows machine ? Are we safe without changes ?</P> Mon, 03 Apr 2023 07:59:56 GMT Wolfgang 2023-04-03T07:59:56Z https://community.checkpoint.com/t5/General-Topics/Microsoft-Kerberos-amp-NetLogon-Changes-November-8-2022/m-p/161616#M27004 <DIV><BR />Does Checkpoint have any response with compatibility guidelines or issues regarding Microsoft's Kerberos &amp; NetLogon changes announced today?&nbsp; &nbsp;See links below.&nbsp; Anything with Identity Awareness, Identity Connector, LDAP Lookup &amp; VPN Authentication, etc...?&nbsp;<BR /><BR /> <UL> <LI><A href="https://support.microsoft.com/help/5020805" target="_blank" rel="noopener">KB5020805: How to manage Kerberos protocol changes related to CVE-2022-37967</A></LI> <LI><A href="https://support.microsoft.com/help/5021130" target="_blank" rel="noopener">KB5021130: How to manage Netlogon protocol changes related to CVE-2022-38023</A></LI> <LI><A href="https://support.microsoft.com/help/5021131" target="_blank" rel="noopener">KB5021131: How to manage the Kerberos protocol changes related to CVE-2022-37966</A></LI> </UL> </DIV> <P>&nbsp;</P> Wed, 09 Nov 2022 08:27:53 GMT https://community.checkpoint.com/t5/General-Topics/Microsoft-Kerberos-amp-NetLogon-Changes-November-8-2022/m-p/161616#M27004 George_Casper 2022-11-09T08:27:53Z https://community.checkpoint.com/t5/General-Topics/Microsoft-Kerberos-amp-NetLogon-Changes-November-8-2022/m-p/161724#M27019 <P>To the best of my knowledge, the only thing that MIGHT be impacted is transparent (browser) auth via Identity Awareness.<BR /><a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/8232">@Royi_Priov</a>&nbsp;would know for sure.</P> Thu, 10 Nov 2022 01:51:17 GMT https://community.checkpoint.com/t5/General-Topics/Microsoft-Kerberos-amp-NetLogon-Changes-November-8-2022/m-p/161724#M27019 PhoneBoy 2022-11-10T01:51:17Z https://community.checkpoint.com/t5/General-Topics/Microsoft-Kerberos-amp-NetLogon-Changes-November-8-2022/m-p/161995#M27050 <P>Hi,</P> <P>Identity Awareness&nbsp;<SPAN>Kerberos&nbsp;flows and AD-Query were analyzed&nbsp;and tested. No issues were found or reported.<BR />We are still missing an indication on Microsoft side that&nbsp;</SPAN>configuration was applied correctly. We will try to verify it with Microsoft support.&nbsp;&nbsp;</P> <P><SPAN><BR /><BR />Thanks,<BR /></SPAN><SPAN>Liel Shaish, RnD Group Manager&nbsp;</SPAN></P> Mon, 14 Nov 2022 13:34:31 GMT https://community.checkpoint.com/t5/General-Topics/Microsoft-Kerberos-amp-NetLogon-Changes-November-8-2022/m-p/161995#M27050 Liel_Shaish 2022-11-14T13:34:31Z https://community.checkpoint.com/t5/General-Topics/Microsoft-Kerberos-amp-NetLogon-Changes-November-8-2022/m-p/176709#M29425 <P>Good morning Liel, can you officially confirm that there are no potential issues?</P><P>Best regards</P><P>Emanuele</P> Thu, 30 Mar 2023 09:36:03 GMT https://community.checkpoint.com/t5/General-Topics/Microsoft-Kerberos-amp-NetLogon-Changes-November-8-2022/m-p/176709#M29425 EmanueleM 2023-03-30T09:36:03Z https://community.checkpoint.com/t5/General-Topics/Microsoft-Kerberos-amp-NetLogon-Changes-November-8-2022/m-p/177101#M29479 <P>Are there any news regarding this issue ? How about SSO authentication via Kerberos with Identity Agent on windows machine ? Are we safe without changes ?</P> Mon, 03 Apr 2023 07:59:56 GMT https://community.checkpoint.com/t5/General-Topics/Microsoft-Kerberos-amp-NetLogon-Changes-November-8-2022/m-p/177101#M29479 Wolfgang 2023-04-03T07:59:56Z https://community.checkpoint.com/t5/General-Topics/Microsoft-Kerberos-amp-NetLogon-Changes-November-8-2022/m-p/177113#M29485 <P>Hi Wolfgang,&nbsp;last week I opened a SR to Check Point support and this was their answer:</P><P>Official response from RnD:<BR />According to the R &amp; D team,&nbsp;CVE-2022-38023 and&nbsp; CVE-2022-37967&nbsp;are part of Microsoft configuration (Kerberos server and windows server). Checkpoint gateways are not affected by these protocol changes.&nbsp;The only blade which listens to such traffic is Identity Awareness.&nbsp;The identity Awareness blade was analyzed and tested&nbsp;&nbsp;in response to&nbsp;Protocol Change CVE-2022-38023 and CVE-2022-37967 and no issues were found or reported</P><P>Regards</P> Mon, 03 Apr 2023 09:07:20 GMT https://community.checkpoint.com/t5/General-Topics/Microsoft-Kerberos-amp-NetLogon-Changes-November-8-2022/m-p/177113#M29485 EmanueleM 2023-04-03T09:07:20Z