ADV190023 enables and hardens through LDAP channel binding and LDAP signing
With the security update expected to be released in the second half of 2020, Microsoft is increasing and strengthening the security of the network communication between clients and domain controllers. Update ADV190023 will automatically set the appropriate settings for compatible systems. You can learn what the problem is and how to find out whether EASY products you are using are affected in this advisory note.
What is the problem – and how does ADV190023 help?
Criminals attempt to exploit weaknesses in simple, unencrypted Active Directory (AD) services, to spy on – and intercept – the communications between the users and the computers within your company network. The aim is to access your company’s resources and corporate data.
With the update ADV190023, Microsoft intends to reduce this risk by improving and hardening the security of Windows Active Directory with this security update.
ADV190023 establishes encrypted connections between web applications and your company’s Active Directory. This will exclude man-in-the-middle attacks due to the enormous increase in effort required to breach connections encrypted using Transport Layer Security (TLS).
EASY modules with Active Directory integration
The following EASY modules have AD integration:
- EASY Archive / EASY Enterprise.x
- EASY DMS, EASY Workflow (Documents)
- EASY Capture Plus
- EASY ApiOmat
Important information: You should also check the currency of your versions of EASY products to ensure that they are always up-to-date.
If the Microsoft Security update is applied without reconfiguring your AD-integrated EASY Platform, your users may not be able to log into EASY! In this event, administrators should carry out a reconfiguration. Please note that these security changes have been issued by Microsoft itself and not by EASY SOFTWARE AG.
What do I do next?
Get in touch with your IT department:
- Point them to the Microsoft Security patch ADV190023
- When will the IT department install this patch in your network?
Get in touch with the EASY Experts:
- Determine whether your EASY Platform is integrated into an Active Directory
- Check your versions of EASY products are up-to-date
Plan an updating project
- Reconfigure your EASY Platform for LDAPS
- Plan a controlled update to minimize user interruption
Assemble a team to work through everything together.
If you have any questions, please get in touch with your EASY Partner.