UNAB 1281-1.0.2439 compatibility with CVE-2020-1472 to use only secure MS-NRPC

Article ID: 199246

Updated On:

Products

CA Virtual Privilege Manager, CA Privileged Identity Management Endpoint (PIM)

Issue/Introduction

Is UNAB compatible with CVE-2020-1472 (https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1472) to use only secure MS-NRPC communication?

Cause

At a high level, Microsoft is mandating a domain controller side patch to address a Netlogon Remote Protocol (MS-NRPC) vulnerability.

After the patch is applied and enforcement is turned on on the domain controllers, all member server endpoint devices in the domain are subsequently required to use only secure MS-NRPC communication to maintain their domain-joined machine account membership.

We’d like to confirm in advance that UNAB domain-joined devices are compatible.

Environment

Release: 12.8

Component: CA ControlMinder

Resolution

UNAB does not use the Netlogon Remote Protocol (MS-NRPC); it uses Kerberos and Kerberized LDAP to authenticate to AD.

Hence we can confirm that UNAB is not affected by this CVE.