Microsoft is ending support for RC4 encryption and defaulting to AES encryption. This is applicable to:
The November 8, 2022 and later Windows updates address weaknesses in the Netlogon protocol when RPC signing is used instead of RPC sealing.
What is RPC signing and RPC sealing?
RPC signing is when the Netlogon protocol uses RPC to sign the messages it sends over the wire.
RPC sealing is when the Netlogon protocol both signs and encrypts the messages it sends over the wire.
Ref: https://support.microsoft.com/en-us/topic/kb5021130-how-to-manage-the-netlogon-protocol-changes-related-to-cve-2022-38023-46ea3067-3989-4d40-963c-680fd9e8ee25
-----------------------------
As per above Information from Microsoft, to address CVE-2022-38023 they have enforced to use the RPC sealing instead of signing in netlogon protocol.
DD is already supporting the RPC sealing which means DD is not impacted with CVE-2022-38023.
However, DD uses RC4 encryption for RPC sealing (which is weak encryption) for which Microsoft is generating the warning in the event viewer (Event ID 5840).
So to make the DD more secure with Netlogon protocol we have added support for AES encryption for RPC sealing which will be available in the future versions 7.12 and LTS releases (7.7.5.20 & 7.10.1.10).
Based on the internal escalations directly related to the above listed CVEs, this change does not affect the Data Domain product. However, Data Domain is replacing the RC4 encryption with AES encryption in future releases.If a CIFS share is accessed by an AD user, then it always uses Netlogon request with RC4 encryption.
However cifs shares are not vulnerable or impacted on the Data Domain.
Future versions of Data Domain 7.12 and LTS releases (7.7.5.20 & 7.10.1.10) will be using AES encryption in Netlogon request.