We have reviewed the Microsoft document (https://support.microsoft.com/en-us/help/4520412/2020-ldap-channel-binding-and-ldap-signing-requirements-for-windows) and its hardening response to CVE-2017-8563. The patch is designed to harden LDAPS. Employing the fix allows administrators to enforce secured signing (encryption) for LDAP bindings using SSL (Secure Sockets Layer). This will ensure that any non-secure LDAP requests are rejected, whether over port 389 (using SASL) or port 636 (LDAP over SSL), where no valid certificate exists.
The patch does not impact CA Identity Manager Provisioning if SSL has been enabled at the Endpoint.