Core Infrastructure and Security Blog
Copied!
Home
Options
2,400
Zoheb Shaikh on 02-13-2020 12:00 AM
4,477
John_Clyburn on 02-10-2020 12:00 AM
2,903
Tim_Beasley on 02-06-2020 02:10 PM
1,474
hspinto on 02-04-2020 07:21 AM
6,990
Jon Warnken on 01-30-2020 06:53 AM
1,350
Sean Greenbaum on 01-28-2020 09:19 AM
791
NoMoePwds on 01-24-2020 02:10 PM
515
NoMoePwds on 01-24-2020 02:10 PM
391
NoMoePwds on 01-24-2020 02:10 PM
314
NoMoePwds on 01-24-2020 02:10 PM
342
Amer_Kamal on 01-24-2020 02:10 PM
355
NoMoePwds on 01-24-2020 02:10 PM
367
NoMoePwds on 01-24-2020 02:10 PM
411
NoMoePwds on 01-24-2020 02:09 PM
403
NoMoePwds on 01-24-2020 02:08 PM
384
NoMoePwds on 01-24-2020 02:07 PM
326
Amer_Kamal on 01-24-2020 02:07 PM
314
Amer_Kamal on 01-24-2020 02:06 PM
298
NoMoePwds on 01-24-2020 02:05 PM
300
NoMoePwds on 01-24-2020 02:05 PM
260
Amer_Kamal on 01-24-2020 02:05 PM
311
Amer_Kamal on 01-24-2020 02:05 PM
273
NoMoePwds on 01-24-2020 02:05 PM
262
NoMoePwds on 01-24-2020 02:05 PM
292
Amer_Kamal on 01-24-2020 02:05 PM
282
NoMoePwds on 01-24-2020 02:02 PM
254
Amer_Kamal on 01-24-2020 02:02 PM
262
Amer_Kamal on 01-24-2020 02:02 PM
247
NoMoePwds on 01-24-2020 02:01 PM
253
NoMoePwds on 01-24-2020 02:01 PM
Latest Comments
Hello, The ADV190023 was updated, but below article still states that the hardening will be enforced in March 2020:https://support.microsoft.com/en-us/help/4520412/2020-ldap-channel-binding-and-ldap-signing-requirem... "Microsoft intends to release a security update on Windows Update to enable LDAP ...
0 Likes
@Evgeny -- The official advisory ADV190023 was updated about 2 weeks ago. Please refer here -- https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV190023
0 Likes
Hi @Alan La Pietra Thank you for information. The article says "This information is preliminary and is subject to revision.This article is a living document, written over time and is subject to change. When guidance presented in this article is in direct conflict with official documentation, one mus...
0 Likes
@amyknight @jdobiash Event 2889 occurs with Unsigned and Signed SASL Bindings over port 389 /3268 (GSSAPI / TLS). As I understand, there is always one unsigned LDAP SASL Bind (to get the KerbTicket or the certificate), and the DC accepts this. After that, the LDAP SASL Bind can be processed. So even...
0 Likes
This is very descriptive and informative. Thanks for putting this together!
0 Likes