Potential NetApp SMB/CIFS Disruption After Installation of Microsoft Patch

Summary

Microsoft has released a security patch to address the issue related to NETLOGON that could allow for spoofing attacks to be executed. 

  • To address a vulnerability in the Windows Netlogon RPC code (details in CVE-2022-38023), Microsoft is enforcing a new higher level of Netlogon security for Windows Domain Controllers.

NetApp has received reports of SMB (CIFS) service disruptions on Storage Products. 

Systems impacted by this patch exhibit a denial of the client logon when using NTLMv2 for communication with the Domain Controllers. This behavior is applicable to SMBv1, SMBv2, and SMBv3 clients. 

Carefully review the known issues associated with the Microsoft security patch. It is always recommended that the impact of any patch be determined in a test environment prior to production deployment.

Impact Critical: Cluster Data Outage

NetAPP SMB (CIFS) services disruption has been reported by some customers after installation of the patch on their Microsoft Domain Controllers.

NetApp’s Recommendation

Before the June 13, 2023 “Enforcement by Default” phase,

either

  • (preferred) Upgrade all systems running ONTAP to one of the releases in the “Solution” section of this bulletin (or later, as available) or
  • Apply the “Compatibility mode” RequireSeal = 1 registry key value to all Windows domain controllers (see the “Workaround” section of this bulletin for more details)
  • Before the July 11, 2023 “Enforcement” phase, if not already upgraded, upgrade all systems running ONTAP to one of the releases in the “Solution” section of this bulletin (or later, as available).

Important: After the July 11, 2023 “Enforcement” phase there is no workaround for systems running ONTAP 9. ONTAP 9 systems MUST be upgraded to one of the releases in the “Solution” section of this bulletin (or later, as available).

Solution

Upgrade to a release of ONTAP with the enhancement (tracked in ID 1514175) to support the Microsoft requirement to use Netlogon RPC sealing, as detailed in CVE-2022-38023.

This enhancement is introduced in the following ONTAP releases:

  • 9.7P22(published April 11, 2023)
    • Cloud Volumes ONTAP version here
  • 9.8P18(published April 19, 2023)
    • Cloud Volumes ONTAP version here
    • The following 9.8 based Service Updates also include the ID 1514175 enhancement
      • 9.8P19 (published May 27, 2023)
  • 9.9.1P15(published April 7, 2023)
    • Cloud Volumes ONTAP version here
    • The following 9.9.1 based Service Updates also include the ID 1514175 enhancement
      • 9.9.1P16 (published June 6, 2023)
  • 9.10.1P12 (published April 25, 2023)
    • Cloud Volumes ONTAP version here
  • 9.11.1P8(published April 28, 2023)
    • Cloud Volumes ONTAP version here
    • The following 9.11.1 based Service Updates also include the ID 1514175 enhancement
      • 9.11.1P9 (published May 17, 2023)
      • 9.11.1P10 (published June 14, 2023)
  • 9.12.1P2(published April 10, 2023)
    • Cloud Volumes ONTAP version here
    • The following 9.12.1 based Service Updates also include the ID 1514175 enhancement
      • 9.12.1P3 (published May 17, 2023)
      • 9.12.1P4 (published June 15, 2023)
    • Note that because of other issues seen on systems running ONTAP 9.12.1, the use of 9.12.1P4 (or higher, as available) is strongly recommended for FAS or AFF storage systems running versions of ONTAP 9.12.1
  • 9.13.0P1 (Published April 12, 2023 as a Cloud Volumes ONTAP specific release)
    • The following Cloud Volumes ONTAP 9.13.0 based Service Updates also include the ID 1514175 enhancement
      • 9.13.0P3 (published June 6, 2023)

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top