Network and Storage Protocols

Microsoft CVE-2022-38023 and NTLMv2

RandyRue
1,215 Views
We've upgraded our AFF-A220 to 9.13.1 as perNetApp's SU530
 
and should be all good to go for next Tuesday's closing of the door on NTLMv2 authentication.
 
However,
 
scrb::> vserver cifs session show -vserver sdata -fields auth-mechanism,address,windows-user
node     vserver    session-id           connection-id address         auth-mechanism windows-user
-------- ---------- -------------------- ------------- --------------- -------------- ------------
scrb-a sdata      12223613813613660030 4271015427    10.6.154.156    NTLMv2         FHC\rgrasdue
 
still shows all of our CIFS connections using NTLMv2 to authenticate (one line is shown of hundreds of connections)
 
Are we ready for next week's update? Will the auth-mechanism change after we patch our DCs? Or will all our CIFS connections break?
 
1 REPLY 1

Ontapforrum
1,164 Views

Enhancement in ONTAP release such as 9.13.1 (to address CVE-2022-38023) does not close NTLMv2 authentication, rather it allows it pass through without 'access denied' error. Basically, if you DO NOT upgrade to the fixed_ontap_release, then after July 11, all the NTLMv2 auth-users will be access denied.

Public