Network Attached Storage​

 View Only

 HNAS Product impact for Microsoft Security Patch KB5008380

Neo Zhao's profile image
Neo Zhao posted 12-16-2021 20:59
Microsoft released Security Patch KB5008380 and suggested user to enable enforcement mode "2" after install the patch on Domain Controller. 

Some other storage vendors reported  issue for their products after enable enforcement mode "2" (eg. failed to join AD) in this case. There is no related information in Hitachi support Portal. See if any one could share if there is any impact for HNAS. Many Thanks

Microsoft reference:
https://support.microsoft.com/en-gb/topic/kb5008380-authentication-updates-cve-2021-42287-9dafac11-e0d0-4cb8-959a-143bd0201041
Albert Hagopian's profile image
Albert Hagopian

I see you are the customer who asked our APAC Technical Expert about this CVE, and to date, no one has reported any issue - just curiosity.

Further assuming you have read NetApp's alert on the topic and are wondering if HNAS is vulnerable.

https://kb.netapp.com/Advice_and_Troubleshooting/Data_Storage_Software/ONTAP_OS/Windows_Server_KB5008380_%2F%2F_CVE-2021-42287_in_Enforcement_mode_breaks_ONTAP_9_CIFS_Authentication

Our Technical in APAC @Guogang Zhao has been investigating with our Eng team as well. Currently we are in the assessment mode (patching lab DC's, etc) and setting up environments for tests.

Guogang Zhao's profile image
Guogang Zhao
Hi, Neo, I am the APAC Technical Expert of HNAS, as Al referred, and we are investigating this. We will let you know the result as soon as we get it. thank you for your understanding.​