Skip to main content
IT Community Partnerships Indiana University

LDAP Security Patch

Posted on by mkleine

IT Professionals:

Microsoft has announced that it will be requiring binding and signing of LDAP queries for all Windows hosts in the January 2020 OS Security patch [1,2].  The Active Directory Servers at IU are currently monitoring client connections that will fail when the patch is applied.

At the moment, that list of hostnames includes a significant number of macOS machines, joined to Active Directory [3] or connecting to Exchange. However, we do not anticipate any issue for Macs bound to Active Directory.  If an AD bound macOS client is experiencing a login issue, you will need to rejoin it to the Active Directory [4].

There are also quite a number of service accounts or user accounts to unknown services, some of which reside on Data Center IP address space.

Actions for IT Pros

For macOS clients using Outlook, make sure the Use SSL to connect button is toggled in step 8 of the instructions linked below [5], or the last stage of step 6 here [6].

For Enterprise Service Owners, please check your data center VLANs against the included list, to make sure your services are not included.  If you do have enterprise services in the list, please check any LDAP connections on those hosts, to see if you can configure changes to require binding or signing.

For other clients, IT Pros can attempt to locate an application or service that is running as the indicated user or machine object that connects via LDAP, and see if that application can be configured to require binding or signing.

The Active Directory Admins will continue to update this folder with impact lists.  From the initial run-through, just over 3800 distinct internal hosts are affected.

If you have any further questions, please contact sct2@iu.edu.

–IT Community Partnerships on behalf of the Campus Communications Infrastructure team

[1] https://support.microsoft.com/en-ca/help/4520412/2020-ldap-channel-binding-and-ldap-signing-requirement-for-windows
[2] https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV190023
[3] https://iu.box.com/s/p8r805t4air9xujzl121b73nhzo6nwg4
[4] https://kb.iu.edu/d/aziv
[5] https://support.microsoft.com/en-us/help/2648915/microsoft-outlook-for-mac-compatibility-with-apple-icloud
[6] https://kb.iu.edu/d/baiq

~~~~~ Today’s IT Pro Tip ~~~~~

IT Community Partnerships would like to invite you to the upcoming IT Water Cooler event on Thursday, December 5 @ 1:30 pm, held in Innovation Center 105. The IT Water Cooler is an opportunity to meet and exchange ideas with others interested in IU IT. Please register for the event here: https://iu.zoom.us/webinar/register/WN_RiWGs3jQRaebnPhKklV5oQ

Skip to toolbar