KB5008380—Authentication updates (CVE-2021-42287)

Andreas 1,301 Reputation points
2021-11-18T06:56:55.93+00:00

Hi,

I have some questions regarding KB5008380—Authentication updates (CVE-2021-42287)
https://support.microsoft.com/en-us/topic/kb5008380-authentication-updates-cve-2021-42287-9dafac11-e0d0-4cb8-959a-143bd0201041

From the documentation, November patch,

"After the November 9, 2021 update has been installed on all Active Directory domain controllers for at least 7 days, we strongly suggest that you enable Enforcement mode on all Active Directory domain controllers."

Do I understand correctly that we should do the following on the domain controllers that are patched... or could I just leave it, since we have control over updating our domain controllers?

  1. Add registry key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Kdc\PacRequestorEnforcement with REG_DWORD and value 2

What have you done? :)

Thanks for the reply.

/Regards
Andy


2 answers

  1. Leon Laude 85,666 Reputation points
    2021-11-23T18:25:59.543+00:00

    Hi @Andreas ,

    It is not mandatory to do, only strongly suggested. Also, according to Microsoft's assessment of CVE-2021-42287, the exploitation is considered "less likely", so it's not something I would worry about, as it will also be automatically patched in the future.

    But if you do choose to proceed with the enforcement, then yes, you will have to create the registry key (DWORD) PacRequestorEnforcement with the value of 2 under the location HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Kdc.


    Best regards,
    Leon
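
An audit of the setting discussed in the question and answer above, as an added example that is not part of the original thread or Microsoft's own code: it reads PacRequestorEnforcement from every domain controller and reports which ones are not yet at value 2. It assumes the ActiveDirectory module, PowerShell remoting to the DCs, and the value meanings given in KB5008380 (0 = disabled, 1 = deployment, 2 = enforcement); the function name and the -Enforce switch are hypothetical.

```powershell
#Requires -Modules ActiveDirectory
# Added example. Get-PacEnforcementState and -Enforce are hypothetical names.
function Get-PacEnforcementState {
    [CmdletBinding(SupportsShouldProcess)]
    param([switch]$Enforce)   # also write value 2 where it is not set to 2

    $key   = 'HKLM:\SYSTEM\CurrentControlSet\Services\Kdc'
    $name  = 'PacRequestorEnforcement'
    $modes = @{ 0 = 'Disabled'; 1 = 'Deployment'; 2 = 'Enforcement' }  # per KB5008380

    # Runs on the DC: returns the DWORD, or nothing if the value does not exist.
    $read = {
        param($Path, $Name)
        $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
        if ($null -ne $item) { $item.$Name }
    }
    # Runs on the DC: creates or overwrites the value as REG_DWORD 2.
    $write = {
        param($Path, $Name)
        New-ItemProperty -Path $Path -Name $Name -PropertyType DWord -Value 2 -Force | Out-Null
    }

    foreach ($dc in Get-ADDomainController -Filter *) {
        $target = $dc.HostName
        try {
            $value = Invoke-Command -ComputerName $target -ScriptBlock $read `
                -ArgumentList $key, $name -ErrorAction Stop
            if ($Enforce -and $value -ne 2 -and
                $PSCmdlet.ShouldProcess($target, "Set $name to 2")) {
                Invoke-Command -ComputerName $target -ScriptBlock $write `
                    -ArgumentList $key, $name -ErrorAction Stop
                $value = 2
            }
            $mode = if ($null -eq $value) { 'Not set' } else { $modes[[int]$value] }
        } catch {
            $value = $null
            $mode  = "Unreachable: $($_.Exception.Message)"
        }
        [pscustomobject]@{
            DomainController = $target
            Value            = $value
            Mode             = $mode
            Enforcing        = ($value -eq 2)
        }
    }
}

# Report only; add -Enforce -WhatIf to preview changes before making them.
Get-PacEnforcementState | Format-Table -AutoSize
```

The script does not check the condition quoted in the question, that the November 9, 2021 update has been installed on all domain controllers for at least 7 days; confirm that separately before using -Enforce.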


  2. Limitless Technology 39,396 Reputation points
    2021-12-16T17:28:52.137+00:00

    In the following registry key:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layout
    Create a new DWORD value IgnoreRemoteKeyboardLayout and give it the value 1.

    That should be sufficient to solve your problem.

