My Oracle Support Banner

Impact of Microsoft Security Advisory ADV190023 LDAP Channel Binding And LDAP Signing on Secure Global Desktop (Doc ID 2629172.1)

Last updated on MAY 06, 2020

Applies to:

Oracle Secure Global Desktop - Version 5.4 and later
Information in this document applies to any platform.

Goal

Microsoft is planning to release a patch in March 2020 regarding ADV190023.
This advisory provided by Microsoft addresses the issue by recommending a new set of default configurations for LDAP channel binding and LDAP signing on Active Directory Domain Controllers that supersedes the original less secure configuration.

Reading the following advisory links:

https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV190023

https://support.microsoft.com/en-us/help/4520412/2020-ldap-channel-binding-and-ldap-signing-requirement-for-windows

suggests LDAPS (TLS), AD+clientcerts (TLS) and AD (Kerberos) service objects in SGD could be affected by these changes.

This document is to explain the impact of this patch on SGD customers who use LDAPS/AD service objects and the test progress.

Solution

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Goal
Solution
 Impact In March 2020
 Impact when the settings are changed
 Actions Required
 Option 1 - Raise the security-level of SGD
 
Option 2 - Lower the security-level of AD
References


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.