In March 2020 Microsoft plans to release a security update on Windows Update that by default enables LDAP channel binding and LDAP signing hardening changes for Active Directory. Details and technical background of these changes are described in the Microsoft articles linked in the related information section of this KBA.
When the security settings are enabled and the pre-conditions are not met, especially if SafeGuard Server and computers running the SafeGuard Management Center are not updated with the required Microsoft Security Updates (see CVE-2017-8563), the SSL directory authentication does not work any longer.
For SafeGuard this means that,
Example error messages:
The following sections are covered:
Applies to the following Sophos products and versions SafeGuard Enterprise Server 8.0SafeGuard Enterprise Server 8.1SafeGuard Enterprise Server 8.2SafeGuard Enterprise Server 8.3SafeGuard Management Center 8.0SafeGuard Management Center 8.1SafeGuard Management Center 8.2SafeGuard Management Center 8.3
Ensure that all involved computers are patched with the relevant Microsoft security update for CVE-2017-8563.
Alternatively you can:
Sign up to the Sophos Support SMS Notification Service to get the latest product release information and critical issues.
If you've spotted an error or would like to provide feedback on this article, please use the section below to rate and comment on the article. This is invaluable to us to ensure that we continually strive to give our customers the best information possible.
Every comment submitted here is read (by a human) but we do not reply to specific technical questions. For technical support post a question to the community. Or click here for new feature/product improvements. Alternatively for paid/licensed products open a support ticket.