ONTAP Discussions

Is CVE-2021-42287's updates compatible with ONTAP 9?

JOEY_STORAGE
1,786 Views

In November 9 2021, Microsoft release a monthly security update, which imporves authentication safaty described in CVE-2021-42287

 

I have a test in NAS lab:

1. Windows server 2019( with KB5007206): Set PacRequestorEnforcement registry value to “2” (Enforcement phase)

2. Ontap simulater 9.8P7: A SVM join AD domain with administator

 

It returns "join failed".

 

20211115-netapp-join-ad-domain-failed.png

Trace packet shows an error about KPASSWD, seems that initiate the password of machine account

JOEY_STORAGE_1-1636980840248.png

 

 

1 ACCEPTED SOLUTION

andris
400 Views

Closing the loop... this issue is tracked by Bug 1465232 - CIFS password change operation might fail.

There are ONTAP fixes in various branches, as well as a workaround if an ONTAP upgrade is not possible at this time.

View solution in original post

3 REPLIES 3

paul_stejskal
1,736 Views

I am checking with NAS. Please open a case. This is news to us because there are zero cases on this, but good looking out.

 

Post the case # when done.

JOEY_STORAGE
1,670 Views
Hi,
Case # 2008980660 is here, please update the Cause&Solution soon in KB
 
 
Thanks

andris
401 Views

Closing the loop... this issue is tracked by Bug 1465232 - CIFS password change operation might fail.

There are ONTAP fixes in various branches, as well as a workaround if an ONTAP upgrade is not possible at this time.

Public