Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2236
Views
10
Helpful
1
Replies

ISE compatible with Microsoft's fix for CVE-2020-1472?

Federico Ziliotto
Cisco Employee
Cisco Employee

‎10-02-2020 09:27 AM

Hello,

 

Microsoft will soon enforce a fix for CVE-2020-1472:
https://support.microsoft.com/en-us/help/4557222/how-to-manage-the-changes-in-netlogon-secure-channel-connections-assoc

Is ISE already comptaible with such a fix?

 

Thank you in advance,

 

Federico

1 Reply 1

hslai
Cisco Employee
Cisco Employee

‎10-02-2020 04:20 PM - edited ‎10-02-2020 04:20 PM

I responded to an internal thread on 2020-Sept-12:

For ISE, I tried ISE 3.0 FCS candidate with Windows Servers 2019 updated to the latest Windows updates and not getting any of the windows events described in the MS article above. I also tried setting FullSecureChannelProtection​ to the value of 1 under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters ​ and ISE 3.0 still able to authenticate.

Thus, we should be good to claim that ISE working ok with DC enforcing the use of Netlogon secure channel.

Customers Also Viewed These Support Documents