Enabling LDAP Channel Binding and LDAP Signing!
Castleton takes the security of your services and data very seriously. We wish to bring to your attention a potentially high-severity vulnerability recently announced by Microsoft.
“LDAP channel binding and LDAP signing provide ways to increase the security for communications between LDAP clients and Active Directory domain controllers. A set of unsafe default configurations for LDAP channel binding and LDAP signing exist on Active Directory domain controllers that let LDAP clients communicate with them without enforcing LDAP channel binding and LDAP signing. This can open Active Directory domain controllers to an elevation of privilege vulnerability”.
On March 10, 2020, Microsoft addressed this vulnerability by providing options for administrators to harden the configurations for LDAP channel binding on Active Directory domain controllers.
More information can be found here.
To guarantee protection against this vulnerability, Castleton recommends that you update any related servers or devices as soon as possible.
If you require any assistance or have any questions or concerns, please contact your Castleton Account Manager or email us.