search cancel

Does Microsoft patch to avoid CVE-2021-42287 impact on Identity Manager?

book

Article ID: 239160

calendar_today

Updated On:

Products

CA Identity Manager

Issue/Introduction

Microsoft has published below measure to avoid CVE-2021-42287 (https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-42287), i.e. Active Directory Domain Services Elevation of Privilege vulnerability.

https://support.microsoft.com/en-us/topic/kb5008380-authentication-updates-cve-2021-42287-9dafac11-e0d0-4cb8-959a-143bd0201041

After applying Microsoft KB5008380 patch to avoid CVE-2021-42287, will Identity Manager Connectors be impacted/broken?

Environment

Release : 14.3, 14.4

Component : IdentityMinder(Identity Manager)

Resolution

Microsoft security patch for CVE-2021-42287 shouldn't cause any problem for AD/ADS connector as the authorization verification will happen between windows services and the domain controller.

The Kerberos connector for Solaris connects to KDC using an SSH communication to manage Kerberos principals and Kerberos password policies. This authorization issue will never arises.