Educause Security Discussion mailing list archives

Re: REN-ISAC Advisory: Microsoft LDAP Changes

From: Michael Davis <mdavis () REN-ISAC NET>
Date: Fri, 7 Feb 2020 12:06:16 -0600

Nice catch, Scott, thanks!

 

While the preparation guidance is still applicable, Scott points out the
added benefit of extra breathing room. We've updated our advisory to reflect
Microsoft's new projected timeline of "the second half of calendar year
2020" for these changes. 

 

The latest advisory is available at
https://www.ren-isac.net/public-resources/alerts/LDAP%20Signing%20Advisory.h
tml

 

Happy Friday,

Michael

 

 

From: Scott Norton <dsnorton () uw edu> 
Sent: Thursday, February 6, 2020 8:27 AM
To: mdavis () REN-ISAC NET; SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] REN-ISAC Advisory: Microsoft LDAP Changes

 

Microsoft has announced a change to this and are punting the default change.
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV190023


The now planned update should help folks get the job done by adding new
auditing.

 

 

  _____  

From: The EDUCAUSE Security Community Group Listserv
<SECURITY () LISTSERV EDUCAUSE EDU <mailto:SECURITY () LISTSERV EDUCAUSE EDU> > on
behalf of Michael Davis <mdavis () REN-ISAC NET <mailto:mdavis () REN-ISAC NET> >
Sent: Thursday, February 6, 2020 6:06:56 AM
To: SECURITY () LISTSERV EDUCAUSE EDU <mailto:SECURITY () LISTSERV EDUCAUSE EDU>
<SECURITY () LISTSERV EDUCAUSE EDU <mailto:SECURITY () LISTSERV EDUCAUSE EDU> >
Subject: [SECURITY] REN-ISAC Advisory: Microsoft LDAP Changes 

 

Greetings,

 

The REN-ISAC has issued the attached advisory to call attention to the
upcoming changes in default LDAP binding / signing configurations that
Microsoft plans to roll out next month. This change may disrupt clients that
rely on the historic default LDAP behavior. 

 

See attached advisory for recommended actions and further information.

 

On behalf of the REN-ISAC team,

 

Michael Davis

Lead Security Engineer

REN-ISAC

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community
list. If you want to reply only to the person who sent the message, copy and
paste their email address and forward the email reply. Additional
participation and subscription information can be found at
https://www.educause.edu/community


**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Current thread:

REN-ISAC Advisory: Microsoft LDAP Changes Michael Davis (Feb 06)
- Re: REN-ISAC Advisory: Microsoft LDAP Changes Scott Norton (Feb 06)
  - Re: REN-ISAC Advisory: Microsoft LDAP Changes Michael Davis (Feb 07)