[DSS V7][JDSS]Netlogon RPC Elevation of Privilege Vulnerability (CVE-2022-38023)

Additional information:

• product name: JovianDSS/DSS V7

Subject:

Potential Active Directory connectivity issues after addressing CVE-2022-38023 by Microsoft

Contents:

Open-E JovianDSS and DSS V7 uses Netlogon protocol as a secure way of communication with Active Directory. Windows has announced security vulnerability CVE-2022-38023 (Netlogon RPC Elevation of Privilege Vulnerability). The official announcement by Microsoft can be found under this link:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38023

On November 8, 2022 Microsoft has released an official fix that has addressed CVE-2022-38023 and customers may be worried if it influences the connectivity between our products and Active Directory.

Tests were carried out on Windows Server 2019 and Windows Server 2022 systems before the security update and after performing a complete update. In both cases Open-E JovianDSS and Open-E DSS V7 connected to Active Directory without issues and the access authorization to NAS shares was successful.