Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
George_Casper
Contributor

Microsoft Kerberos & NetLogon Changes November 8, 2022 Announcements


Does Checkpoint have any response with compatibility guidelines or issues regarding Microsoft's Kerberos & NetLogon changes announced today?   See links below.  Anything with Identity Awareness, Identity Connector, LDAP Lookup & VPN Authentication, etc...? 

 

5 Replies
PhoneBoy
Admin
Admin

To the best of my knowledge, the only thing that MIGHT be impacted is transparent (browser) auth via Identity Awareness.
@Royi_Priov would know for sure.

0 Kudos
Liel_Shaish
Employee
Employee

Hi,

Identity Awareness Kerberos flows and AD-Query were analyzed and tested. No issues were found or reported.
We are still missing an indication on Microsoft side that 
configuration was applied correctly. We will try to verify it with Microsoft support.  



Thanks,
Liel Shaish, RnD Group Manager 

0 Kudos
EmanueleM
Explorer

Good morning Liel, can you officially confirm that there are no potential issues?

Best regards

Emanuele

0 Kudos
Wolfgang
Authority
Authority

Are there any news regarding this issue ? How about SSO authentication via Kerberos with Identity Agent on windows machine ? Are we safe without changes ?

0 Kudos
EmanueleM
Explorer

Hi Wolfgang, last week I opened a SR to Check Point support and this was their answer:

Official response from RnD:
According to the R & D team, CVE-2022-38023 and  CVE-2022-37967 are part of Microsoft configuration (Kerberos server and windows server). Checkpoint gateways are not affected by these protocol changes. The only blade which listens to such traffic is Identity Awareness. The identity Awareness blade was analyzed and tested  in response to Protocol Change CVE-2022-38023 and CVE-2022-37967 and no issues were found or reported

Regards

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events