Pure Technical Services

Security Bulletin - Microsoft Netlogon RPC Elevation of Privilege Vulnerability CVE-2022-38023


Summary

Pure Storage is aware that a recent Microsoft Windows update causes login failures on Pure Storage FlashArray. The Windows update was released to address a weakness in the Netlogon protocol, but it causes the following error when applied to an Active Directory server: "The Netlogon service encountered a client using RPC signing instead of RPC sealing."

This is a Microsoft vulnerability that was addressed by changing RPC behavior in Microsoft Server. While Pure Storage is not directly affected by this vulnerability (CVE-2022-38023), FA Purity has to be updated if using FA-File.

Details

CVE-2022-38023 - Netlogon RPC Elevation of Privilege Vulnerability, released Nov 8, 2022.

  • CVSS Base score 8.1 / Temporal score 7.1 (as provided by Microsoft).

  • An authenticated attacker could leverage cryptographic protocol vulnerabilities in the Windows Netlogon protocol when RPC signing is used instead of RPC sealing. This could allow the attacker to gain control of the service, after which they might be able to modify Netlogon protocol traffic to elevate their privileges.

  • RPC signing is when the Netlogon protocol uses RPC to sign the messages it sends over the wire. RPC sealing is when the Netlogon protocol both signs and encrypts the messages it sends over the wire.

  • For more information, please see the Microsoft KB "How to manage Netlogon Protocol changes related to CVE-2022-38023".

Corrective Action

Customers qualifying or running impacted versions on FlashArray with Microsoft File enabled should qualify / upgrade to the latest approved release of these Purity versions (6.4.5+, 6.3.11+). 

General Mitigation Best Practices

For more information, please refer to the following Microsoft KB: "How to manage Netlogon Protocol changes related to CVE-2022-38023".
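
To see which clients still trigger the error quoted in the Summary, a domain controller's System log can be exported and triaged offline. The script below is an added example, not Pure Storage or Microsoft code; the CSV columns, the `Machine SamAccountName:` field label and the sample rows are assumptions constructed for illustration.

```python
import csv
import io
import re
from collections import defaultdict

# Error text quoted in this bulletin's Summary.
SIGNING_ERROR = ("The Netlogon service encountered a client using "
                 "RPC signing instead of RPC sealing.")

# Assumption: the event body names the client after this label.
ACCOUNT_RE = re.compile(r"Machine SamAccountName:\s*(\S+)")

# Constructed sample export (columns TimeCreated, Message); not real log data.
SAMPLE_CSV = '''TimeCreated,Message
2022-12-01T08:15:02,"The Netlogon service encountered a client using RPC signing instead of RPC sealing. Machine SamAccountName: FLASHARRAY01$ Domain: example.test"
2022-12-01T08:20:40,"Unrelated constructed event text."
2022-12-02T09:00:00,"The Netlogon service encountered a client using RPC signing instead of RPC sealing.
Machine SamAccountName: flasharray01$
Domain: example.test"
2022-12-02T11:30:10,"The Netlogon service encountered a client using RPC signing instead of RPC sealing. Machine SamAccountName: WS-OLD$ Domain: example.test"
'''


def signing_clients(csv_text):
    """Return {account: {count, first, last}} for events carrying the signing error."""
    clients = defaultdict(lambda: {"count": 0, "first": None, "last": None})
    for row in csv.DictReader(io.StringIO(csv_text)):
        # Event bodies span several lines; collapse whitespace before matching.
        message = " ".join(row["Message"].split())
        if SIGNING_ERROR not in message:
            continue
        match = ACCOUNT_RE.search(message)
        # Account names are case-insensitive, so normalise before grouping.
        account = match.group(1).upper() if match else "<unparsed>"
        seen = row["TimeCreated"]  # ISO 8601 strings sort chronologically
        entry = clients[account]
        entry["count"] += 1
        entry["first"] = seen if entry["first"] is None else min(entry["first"], seen)
        entry["last"] = seen if entry["last"] is None else max(entry["last"], seen)
    return dict(clients)


if __name__ == "__main__":
    for account, info in sorted(signing_clients(SAMPLE_CSV).items()):
        print(f"{account}: {info['count']} event(s), "
              f"first {info['first']}, last {info['last']}")
```

Clients that keep appearing in this summary after the Purity upgrade are still negotiating RPC signing and need further attention.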

Contacting Support

If you would like one of our engineers to assist you with this issue, please call +1(866) 244-7121. If calling from outside the US, here is a list of phone numbers: https://support.purestorage.com/Pure1/Support.