Microsoft CVE-2022-38023 and NTLMv2

RandyRue — Wed, 04 Jun 2025 09:47:20 GMT

We've upgraded our AFF-A220 to 9.13.1 as perNetApp's SU530

and should be all good to go for next Tuesday's closing of the door on NTLMv2 authentication.

However,

scrb::> vserver cifs session show -vserver sdata -fields auth-mechanism,address,windows-user
node vserver session-id connection-id address auth-mechanism windows-user
-------- ---------- -------------------- ------------- --------------- -------------- ------------
scrb-a sdata 12223613813613660030 4271015427 10.6.154.156 NTLMv2 FHC\rgrasdue

still shows all of our CIFS connections using NTLMv2 to authenticate (one line is shown of hundreds of connections)

Are we ready for next week's update? Will the auth-mechanism change after we patch our DCs? Or will all our CIFS connections break?

Re: Microsoft CVE-2022-38023 and NTLMv2

Ontapforrum — Fri, 07 Jul 2023 22:56:46 GMT

Enhancement in ONTAP release such as 9.13.1 (to address CVE-2022-38023) does not close NTLMv2 authentication, rather it allows it pass through without 'access denied' error. Basically, if you DO NOT upgrade to the fixed_ontap_release, then after July 11, all the NTLMv2 auth-users will be access denied.

topic Re: Microsoft CVE-2022-38023 and NTLMv2 in Network and Storage Protocols

Microsoft CVE-2022-38023 and NTLMv2

Re: Microsoft CVE-2022-38023 and NTLMv2