STEALTHbits’ free program helps orgs mitigate risks associated with Microsoft’s pending AD update

STEALTHbits, a cybersecurity software company focused on protecting an organization’s sensitive data and the credentials attackers use to steal that data, announced a free program designed to help organizations mitigate the risks of operational outage associated with Microsoft’s pending update to Active Directory slated for March 2020.

The update, which applies to nine (9) Windows Operating System levels and many more versions, aims to address a vulnerability that exposes Active Directory Domain Controllers to privilege escalation scenarios.

Microsoft is recommending organizations enable the LDAP channel binding and LDAP signing features they will enforce by default in March before the update is provided, as a means by which to identify systems, applications, and other devices that will be incompatible with the more secure configuration.

They are also advising organizations to contact the providers of incompatible technologies to obtain necessary fixes if configuration options aren’t already available to achieve compatibility.

“As a security software provider, we are in full support of Microsoft’s move to improve the security of Active Directory and the vast number of resources connected to it,” said Jeff Warren, GM Products at STEALTHbits Technologies.

“This update underscores the importance of Active Directory not just from a security standpoint, however. Operationally, this security-focused update has the potential of affecting system uptime and business continuity on a broad scale.”

He continued, “In conjunction with Microsoft’s native LDAP authentication-focused auditing or standalone, our StealthINTERCEPT platform and its low-level, surgical LDAP query monitoring capabilities can make the exercise of identifying incompatible technologies simple and safe for any organization.

“Given the tight timelines and the severity of the situation, we’re willing to help anyone who needs it to figure out exactly what they’re dealing with before the update is released.”

StealthINTERCEPT’s LDAP module is capable of capturing the fine-grained details of the queries being executed against Active Directory. These details not only include whether or not the query was executed securely and where it was coming from, but what the query was actually requesting from the directory.

Using StealthINTERCEPT’s LDAP blocking functionality, organizations can also simulate the effect of the update in broad or selective ways, without actually modifying Active Directory configurations.