Pure Storage is aware that a recent Microsoft Windows update causes login failures on Pure Storage FlashArray. The Windows update was released to address a weakness in the Netlogon protocol but causes the following error when applied to an Active Directory Server: "The Netlogon service encountered a client using RPC signing instead of RPC sealing.".
This is a Microsoft Vulnerability that was addressed by changing RPC behavior in Microsoft Server. While Pure Storage is not directly affected by this vulnerability (CVE-2022-38023) //FA Purity has to be updated if using FA-File.
CVE-2022-32023 - Netlogon RPC Elevation of Privilege Vulnerability, released Nov 8, 2022.
CVSS Base score 8.1 / Temporal score 7.1 (as provided by Microsoft).
An authenticated attacker could leverage cryptographic protocol vulnerabilities in the Windows Netlogon protocol when RPC Signing is used instead of RPC Sealing. This could allow the attacker to gain control of the service and then might be able to modify Netlogon protocol traffic to elevate their privileges.
RPC signing is when the Netlogon protocol uses RPC to sign the messages it sends over the wire. RPC sealing is when the Netlogon protocol both signs and encrypts the messages it sends over the wire.
For more information please see How to manage Netlogon Protocol changes related to CVE-2022-38023
Customers qualifying or running impacted versions on FlashArray with Microsoft File enabled should qualify / upgrade to the latest approved release of these Purity versions (6.4.5+, 6.3.11+).
General Mitigation Best Practices
For more information please refer to the following Microsoft KB How to manage Netlogon Protocol changes related to CVE-2022-38023.
If you would like one of our engineers to assist you with this issue please call +1(866) 244-7121. If calling from outside the US here is a list of phone numbers: https://support.purestorage.com/Pure1/Support.