This has been brought to our attention by a reader (thank you, William!). CVE-2022-38038 is an RPC escalation of privilege vulnerability affecting the Microsoft Netlogon[1] procedure. Microsoft provided a patch to fix it. The patch improves Netlogon security by enforcing RPC sealing, rather than just signing, for communication with the Domain Controller. RPC sealing is a security measure that both signs and encrypts the messages sent over the wire by the Netlogon protocol. Microsoft released a knowledge base article[2] with more information about the technique used to fix the vulnerability.
Sealing is controlled via a registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
“RequireSeal” can be set to the following values:
When the patch was released, it was in compatibility mode, but Microsoft defined an interesting timeline:
M ..
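To see which mode a domain controller is currently in, the following PowerShell reads the RequireSeal value from the registry key above and reports it. This is an added example, not code from the original article: the value meanings (0 = disabled, 1 = compatibility, 2 = enforcement) are taken from Microsoft's Netlogon guidance rather than from this page, and `Get-RequireSealMode` is a hypothetical function name.

```powershell
# Added example (not from the original article): report the RequireSeal mode on this host.
# Assumption: the 0/1/2 meanings come from Microsoft's Netlogon guidance, not from this page.
$NetlogonKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'
$ValueName   = 'RequireSeal'
$Modes = @{
    0 = 'Disabled'
    1 = 'Compatibility mode'
    2 = 'Enforcement mode'
}

function Get-RequireSealMode {
    [CmdletBinding()]
    param([string]$KeyPath = $NetlogonKey)

    $result = [ordered]@{
        Computer = $env:COMPUTERNAME
        Value    = $null
        Mode     = $null
        Sealing  = 'Review'   # becomes 'Enforced' only when the value is explicitly 2
    }

    $key = Get-Item -LiteralPath $KeyPath -ErrorAction SilentlyContinue
    if (-not $key) {
        $result.Mode = 'Key not found'
    }
    elseif ($key.GetValueNames() -notcontains $ValueName) {
        # No explicit setting: effective behaviour depends on the installed update level.
        $result.Mode = 'Not set'
    }
    elseif ($key.GetValueKind($ValueName) -ne [Microsoft.Win32.RegistryValueKind]::DWord) {
        # A value of the wrong type should be investigated rather than interpreted.
        $result.Mode = 'Unexpected registry type: ' + $key.GetValueKind($ValueName)
    }
    else {
        $value = [int]$key.GetValue($ValueName)
        $result.Value = $value
        if ($Modes.ContainsKey($value)) { $result.Mode = $Modes[$value] }
        else { $result.Mode = 'Unknown value' }
        if ($value -eq 2) { $result.Sealing = 'Enforced' }
    }
    [pscustomobject]$result
}

Get-RequireSealMode | Format-List
```

Any result where `Sealing` is `Review` is worth checking against the current Microsoft guidance for the update level installed on that domain controller.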