
Is Data Domain affected by Microsoft KB5020805 (CVE-2022-37967), Microsoft KB5021130 (CVE-2022-38023), or Microsoft KB5021131 (CVE-2022-37966)

Summary: Is Data Domain affected by Microsoft KB5020805 (CVE-2022-37967), Microsoft KB5021130 (CVE-2022-38023), or Microsoft KB5021131 (CVE-2022-37966)

Article Content


Symptoms

Microsoft KB5020805: How to manage Kerberos protocol changes related to CVE-2022-37967.
Microsoft KB5021131: How to manage Kerberos protocol changes related to CVE-2022-37966.
Microsoft KB5021130: How to manage Netlogon protocol changes related to CVE-2022-38023.

Cause

Microsoft is ending support for RC4 encryption and defaulting to AES encryption. This is applicable to:

  • Data Domain (DD)
  • RC4
  • AWS
  • DDBoost
  • BoostFS

Resolution

The November 8, 2022 and later Windows updates address weaknesses in the Netlogon protocol when RPC signing is used instead of RPC sealing.

What is RPC signing and RPC sealing?
RPC signing is when the Netlogon protocol uses RPC to sign the messages it sends over the wire.
RPC sealing is when the Netlogon protocol both signs and encrypts the messages it sends over the wire.

Ref: https://support.microsoft.com/en-us/topic/kb5021130-how-to-manage-the-netlogon-protocol-changes-related-to-cve-2022-38023-46ea3067-3989-4d40-963c-680fd9e8ee25
-----------------------------

As per the above information from Microsoft, to address CVE-2022-38023 they have enforced the use of RPC sealing instead of RPC signing in the Netlogon protocol.
DD already supports RPC sealing, which means DD is not impacted by CVE-2022-38023.
However, DD uses RC4 encryption for RPC sealing (which is weak encryption), for which Microsoft generates a warning in the Event Viewer (Event ID 5840).

So, to make DD more secure with the Netlogon protocol, we have added support for AES encryption for RPC sealing, which will be available in the future version 7.12 and the LTS releases (7.7.5.20 & 7.10.1.10).
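To confirm on a domain controller whether a Data Domain system is still producing the Event ID 5840 warning described above, the following PowerShell is an added example (not from the Dell article); the computer-name parameter and the look-back window are assumptions.

```powershell
# Added example, not Dell's code: list Netlogon Event ID 5840 warnings
# (System log, source NETLOGON) so the client machine accounts that still
# negotiate an RC4-sealed secure channel can be identified.
# Run on a domain controller (or remotely with rights to read its System log).
param(
    [string]$ComputerName = $env:COMPUTERNAME,   # DC to query (assumed default)
    [int]$Days = 7                               # look-back window (assumed)
)

$filter = @{
    LogName      = 'System'
    ProviderName = 'NETLOGON'
    Id           = 5840
    StartTime    = (Get-Date).AddDays(-$Days)
}

$events = Get-WinEvent -ComputerName $ComputerName -FilterHashtable $filter -ErrorAction SilentlyContinue
if (-not $events) {
    Write-Output "No Event ID 5840 entries on $ComputerName in the last $Days day(s)."
    return
}

# The event's EventData section carries the client details. The fields are
# emitted by name as found in the XML, so the script does not depend on
# hard-coded field names.
$rows = foreach ($e in $events) {
    $data  = ([xml]$e.ToXml()).Event.EventData.Data
    $props = [ordered]@{ TimeCreated = $e.TimeCreated }
    foreach ($d in $data) {
        if ($d.Name) { $props[$d.Name] = $d.'#text' }
    }
    [pscustomobject]$props
}

# Newest first; review the client names against your Data Domain hosts and
# expect the entries to stop once DDOS with AES-sealed Netlogon is deployed.
$rows | Sort-Object TimeCreated -Descending | Format-Table -AutoSize
```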

Based on the internal escalations directly related to the above listed CVEs, this change does not affect the Data Domain product. However, Data Domain is replacing the RC4 encryption with AES encryption in future releases.

Data Domain is replacing RC4 encryption with AES encryption in DDOS 7.12, to be GA 7/18/23, and also in LTS 7.7.5.20 and 7.10.1.10, to be GA in the August 23 and September 23 time frame.

Additional Information

If a CIFS share is accessed by an AD user, then it always uses a Netlogon request with RC4 encryption.
However, CIFS shares are not vulnerable or impacted on the Data Domain.
Future versions of Data Domain (7.12 and the LTS releases 7.7.5.20 & 7.10.1.10) will use AES encryption in the Netlogon request.

Article Properties


Affected Product

Data Domain

Product

DD OS

Last Published Date

26 Jul 2023

Version

8

Article Type

Solution