Microsoft hardening - RC4 ciphers for NETLOGON - CVE-2022-38023


Article ID: 258929


Updated On:


ISG Proxy ProxySG Software - SGOS


Microsoft has published the following KB article for CVE-2022-38023.

Microsoft KB: KB5021130: How to manage the Netlogon protocol changes related to CVE-2022-38023 - Microsoft Support

The change described in the KB is scheduled for 11 April 2023, but can be extended to 11 July 2023.

What we're seeing is that ProxySG is currently using RC4 for RPC calls through Netlogon with the DC, generating this event:


EventID: 5840

The Netlogon service created a secure channel with a client with RC4.

Account Name: XXXXXBLUECOAT02$
Account Type: Domain Member
Client IP Address:
Negotiated Flags: 6007ffff

For more information about why this was logged, please visit


Customers would like to make sure that nothing stops working on the aforementioned date.


Question: Does Broadcom have any official support/guidance as to how to make sure that RC4 ciphers are disabled everywhere on ProxySGs?


Release :


CVE-2022-38023 does not affect ProxySG, because it already uses RPC sealing instead of RPC signing for RPC calls through Netlogon with the DC.

Following rigorous internal testing, it has been verified that RPC seal registry value 2 (Enforcement Mode) does not cause problems with ProxySG/ASG when using Kerberos authentication.

We verified on Windows Server 2019 that implementing strict enforcement (value 2) does not cause issues. ProxySG/ASG is able to authenticate Kerberos tickets with RPC seal.

NTLM works well too; no issues were seen with strict RPC seal. A ProxySG environment with BCAAA is not affected either.
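
To see what the "Negotiated Flags" value in Event 5840 says about a client, the following added example (not Broadcom or Microsoft code) decodes the flags from exported event text and lists each account. The bit values are taken from the MS-NRPC NegotiateFlags definition, which this article does not list, and the sample export, account names and address are constructed; only 6007ffff comes from the event shown above.

```python
import re

# NegotiateFlags bits per MS-NRPC (assumption: the article does not list them).
NEG_RC4 = 0x00000004          # RC4 supported
NEG_STRONG_KEYS = 0x00004000  # strong (128-bit) session keys
NEG_AES_SHA2 = 0x01000000     # AES and SHA2 supported
NEG_SECURE_RPC = 0x40000000   # Secure RPC supported

# Constructed sample: two 5840 events exported as text (names/IP are made up).
# The first mirrors the article's event, including the empty IP field.
SAMPLE_EXPORT = """\
EventID: 5840
The Netlogon service created a secure channel with a client with RC4.
Account Name: PROXY01$
 Account Type: Domain Member
 Client IP Address:
 Negotiated Flags: 6007ffff

EventID: 5840
The Netlogon service created a secure channel with a client with RC4.
Account Name: LEGACYAPP$
Account Type: Domain Member
Client IP Address: 192.0.2.44
Negotiated Flags: 00004004
"""

# [ \t]* (not \s*) so an empty field does not swallow the next line.
FIELD = re.compile(r"^[ \t]*(Account Name|Client IP Address|Negotiated Flags):[ \t]*(\S*)", re.M)

def decode_flags(hex_flags):
    value = int(hex_flags, 16)
    return {
        "rc4": bool(value & NEG_RC4),
        "strong_keys": bool(value & NEG_STRONG_KEYS),
        "aes": bool(value & NEG_AES_SHA2),
        "secure_rpc": bool(value & NEG_SECURE_RPC),
    }

def audit(export_text):
    """Return one record per 5840 event with its decoded flags."""
    records = []
    for block in re.split(r"(?m)^EventID:[ \t]*5840[ \t]*$", export_text)[1:]:
        fields = dict(FIELD.findall(block))
        flags = fields.get("Negotiated Flags", "")
        if not flags:
            continue  # no flags recorded, nothing to decode
        records.append({"account": fields.get("Account Name", ""),
                        "ip": fields.get("Client IP Address", ""),
                        **decode_flags(flags)})
    return records
```

For 6007ffff the Secure RPC and strong-key bits are set while the AES bit is clear, which is consistent with the channel being reported as RC4.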