Core Infrastructure and Security Blog
Copied!
Home
Options
2,507
Zoheb Shaikh on 02-13-2020 12:00 AM
4,486
John_Clyburn on 02-10-2020 12:00 AM
2,934
Tim_Beasley on 02-06-2020 02:10 PM
1,491
hspinto on 02-04-2020 07:21 AM
7,097
Jon Warnken on 01-30-2020 06:53 AM
1,358
Sean Greenbaum on 01-28-2020 09:19 AM
795
NoMoePwds on 01-24-2020 02:10 PM
518
NoMoePwds on 01-24-2020 02:10 PM
396
NoMoePwds on 01-24-2020 02:10 PM
317
NoMoePwds on 01-24-2020 02:10 PM
343
Amer_Kamal on 01-24-2020 02:10 PM
357
NoMoePwds on 01-24-2020 02:10 PM
369
NoMoePwds on 01-24-2020 02:10 PM
417
NoMoePwds on 01-24-2020 02:09 PM
403
NoMoePwds on 01-24-2020 02:08 PM
389
NoMoePwds on 01-24-2020 02:07 PM
334
Amer_Kamal on 01-24-2020 02:07 PM
317
Amer_Kamal on 01-24-2020 02:06 PM
301
NoMoePwds on 01-24-2020 02:05 PM
304
NoMoePwds on 01-24-2020 02:05 PM
262
Amer_Kamal on 01-24-2020 02:05 PM
315
Amer_Kamal on 01-24-2020 02:05 PM
273
NoMoePwds on 01-24-2020 02:05 PM
263
NoMoePwds on 01-24-2020 02:05 PM
303
Amer_Kamal on 01-24-2020 02:05 PM
283
NoMoePwds on 01-24-2020 02:02 PM
256
Amer_Kamal on 01-24-2020 02:02 PM
266
Amer_Kamal on 01-24-2020 02:02 PM
247
NoMoePwds on 01-24-2020 02:01 PM
255
NoMoePwds on 01-24-2020 02:01 PM
Latest Comments
Hello, The ADV190023 was updated, but below article still states that the hardening will be enforced in March 2020:https://support.microsoft.com/en-us/help/4520412/2020-ldap-channel-binding-and-ldap-signing-requirem... "Microsoft intends to release a security update on Windows Update to enable LDAP ...
0 Likes
@Evgeny -- The official advisory ADV190023 was updated about 2 weeks ago. Please refer here -- https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV190023
0 Likes
Hi @Alan La Pietra Thank you for information. The article says "This information is preliminary and is subject to revision.This article is a living document, written over time and is subject to change. When guidance presented in this article is in direct conflict with official documentation, one mus...
0 Likes
@amyknight @jdobiash Event 2889 occurs with Unsigned and Signed SASL Bindings over port 389 /3268 (GSSAPI / TLS). As I understand, there is always one unsigned LDAP SASL Bind (to get the KerbTicket or the certificate), and the DC accepts this. After that, the LDAP SASL Bind can be processed. So even...
0 Likes
This is very descriptive and informative. Thanks for putting this together!
0 Likes