Microsoft is going to release a security patch through Windows Update next March which will disable certain authentication mechanisms via Lightweight Directory Access Protocol (LDAP) in Active Directory (AD), including the one used by UDS Enterprise.
As of that date, UDS Enterprise will only work with authentication via LDAPS (LDAP over SSL). Therefore, all UDS Enterprise administrators using the Microsoft AD authenticator in their VDI and vApp deployments must enable "Secure LDAP" (LDAPS) on their Active Directory server or servers.
We strongly recommend applying the changes as soon as possible in order to perform tests with the new configurations applied and thus ensure that the environments are ready and that their operation is not affected when Microsoft releases the update.
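One way to run such a test from the machine that will act as the LDAP client is sketched below. This is an added example, not UDS Enterprise or Microsoft code; the host name `dc01.corp.example` and the sample certificate are constructed, and the 30-day expiry threshold is an assumption.

```python
import socket
import ssl
import time

def fetch_ldaps_cert(host, port=636, cafile=None, timeout=5.0):
    """Complete a TLS handshake on the LDAPS port and return the verified certificate."""
    # The default context checks chain and host name; pass cafile for an internal AD CA.
    ctx = ssl.create_default_context(cafile=cafile)
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def _matches(pattern, host):
    # Exact match, or a single-label wildcard such as *.corp.example
    if pattern.startswith("*."):
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return pattern == host

def cert_problems(cert, host, now=None, min_days=30):
    """List findings for a certificate dict in ssl.getpeercert() format."""
    now = time.time() if now is None else now
    problems = []
    names = [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not names:  # no SAN: fall back to the subject common name
        names = [v.lower() for rdn in cert.get("subject", ())
                 for k, v in rdn if k == "commonName"]
    if not any(_matches(n, host.lower()) for n in names):
        problems.append(f"certificate names {names} do not cover {host}")
    days_left = (ssl.cert_time_to_seconds(cert["notAfter"]) - now) / 86400
    if days_left < 0:
        problems.append("certificate has expired")
    elif days_left < min_days:
        problems.append(f"certificate expires in {int(days_left)} days")
    return problems

def check_ldaps(host, cafile=None):
    """Findings for one domain controller; an empty list means LDAPS is usable."""
    try:
        cert = fetch_ldaps_cert(host, cafile=cafile)
    except OSError as exc:  # refused port, timeout, DNS and TLS errors all derive from OSError
        return [f"LDAPS handshake with {host}:636 failed: {exc}"]
    return cert_problems(cert, host)

# Constructed sample in getpeercert() format, so the checks can be tried offline.
SAMPLE_CERT = {
    "subject": ((("commonName", "dc01.corp.example"),),),
    "subjectAltName": (("DNS", "dc01.corp.example"),),
    "notAfter": "Mar 10 12:00:00 2030 GMT",
}
```

Call `check_ldaps()` with the same server name that is configured in the authenticator, since the certificate is validated against that name. The check covers the TLS layer only and does not attempt an LDAP bind.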
This patch has been designed to solve a security flaw recently discovered by Microsoft. As Microsoft explains on its website, there is “an elevation of privilege vulnerability in Windows that could allow a man-in-the-middle attacker to successfully forward an authentication request to a Windows LDAP server, which has not been configured to require signing or sealing on incoming connections”.
The update was originally planned for this week, since Microsoft intended to publish it in mid-January. But a few days ago, the company reported that it has delayed the date in response to requests from system administrators, who have asked for more time to adjust their environments and test the configuration changes.
If you have an active UDS Enterprise subscription, our support team will help you apply all the necessary configurations on your VDI platform. You just have to get in touch with our experts through firstname.lastname@example.org
At this link on Microsoft’s website you can check all the information related to this topic.