Open-E Knowledgebase

[DSS V7][JDSS]Netlogon RPC Elevation of Privilege Vulnerability (CVE-2022-38023)

Article ID: 3481
Last updated: 05 Jul, 2023

Additional information:

  • product name: JovianDSS/DSS V7

Subject:

Potential Active Directory connectivity issues after addressing CVE-2022-38023 by Microsoft

Contents:

Open-E JovianDSS and DSS V7 uses Netlogon protocol as a secure way of communication with Active Directory. Windows has announced security vulnerability CVE-2022-38023 (Netlogon RPC Elevation of Privilege Vulnerability). The official announcement by Microsoft can be found under this link:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38023

On November 8, 2022 Microsoft has released an official fix that has addressed CVE-2022-38023 and customers may be worried if it influences the connectivity between our products and Active Directory.

Tests were carried out on Windows Server 2019 and Windows Server 2022 systems before the security update and after performing a complete update. In both cases Open-E JovianDSS and Open-E DSS V7 connected to Active Directory without issues and the access authorization to NAS shares was successful.

This article was:   Helpful | Not helpful Report an issue


Article ID: 3481
Last updated: 05 Jul, 2023
Revision: 2
Views: 0
Posted: 04 Jul, 2023 by Litwinowicz R.
Updated: 05 Jul, 2023 by Litwinowicz R.
print  Print email  Subscribe email  Email to friend share  Share pool  Add to pool
Also listed in
folder DSS V7 -> DSS V7 Information -> General info -> NAS
folder JovianDSS -> JovianDSS Information -> General info -> NAS

Prev     Next
[DSS V7] How to run Open-E DSS V7 in rescue mode?       Changing the Disk Timeout setting in Windows OS

The Knowledge base is managed by Open-E data storage software company.