
View Support Bulletins
View support bulletins, typically issued monthly or as needed
January 2023
Topic: KB5014754 “Certifried” Issue
Dear Customers,
We wanted to provide a quick update regarding the Microsoft KB5014754 update. Axiad is updating our guidance for a resolution.
We have updated the FAQ to provide the latest information and address new questions.
To learn more, visit the Support FAQ page.
December 2022
Topic: KB5014754 “Certifried” Issue
Dear Customers,
We wanted to provide a quick update regarding the Microsoft KB5014754 update. Microsoft has recently announced that they will postpone the enforcement of the new certificate requirements until November 14, 2023.
We have updated the FAQ to provide the latest information and address new questions.
To learn more, visit the Support FAQ page.
November 2022
Topic: KB5014754 “Certifried” Issue
Dear Customers,
We wanted to provide another update on progress made since our last bulletin. We have updated the FAQ to provide the latest information and address new questions.
To learn more, visit the Support FAQ page.
September 2022
Topic: KB5014754 “Certifried” Issue
Dear Customers,
We want to provide an update on our progress towards supporting the changes required by the Microsoft KB5014754 update. We understand how critical this change is and the impact it may have on your environments. That is why we are balancing the need to get this update distributed as soon as possible with the requirement for a sure and safe resolution to the problem. We have identified the required changes to the Axiad solutions that are needed to accommodate the requirements created by the Microsoft KB5014754 update and we are working, along with our partners, to implement these changes as soon as possible. However, a resolution is complex and unfortunately we will not make the previously communicated target product enhancement date of the end of September. We expect to finalize the delivery dates for the product enhancement soon and will communicate those release dates, along with any other updates, in the coming weeks.
We wanted to provide another update on progress made since our August 2022 bulletin. We produced a FAQ to address questions received to date.
To learn more, visit the Support FAQ page.
August 2022
Topic: KB5014754 “Certifried” Issue
Dear Customers,
Microsoft has released an additional CVE (CVE-2022-34691) with the August 2022 monthly patching that relates to the KB5014754 update that was released with the May 2022 patch cycle. This new CVE does not change the current guidance from Axiad. Our current guidance is still as follows:
- Install the May 2022 monthly rollup patches that include KB5014754 on both Microsoft Enterprise CAs and Active Directory Domain Controllers, as recommended by Microsoft.
- Monitor for event ID 40 in your domain controller logs, which would indicate that some certificates predate the user account they’re pointed to. This should normally not be possible for certificates issued with our solution, so we recommend you investigate every instance on a case-by-case basis, if possible.
- If you need to remediate this issue in the short term, consider configuring the option CertificateBackdatingCompensation as described in KB5014754: Certificate-based authentication changes on Windows domain controllers (microsoft.com).
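A read-only way to carry out the monitoring step above, as an added example (not a script from Axiad or Microsoft): it collects event ID 40 from the System log of every domain controller, lists each affected user and certificate once, and shows whether CertificateBackdatingCompensation is already set. The `Kdc` registry path, the provider-name filter and the event text field names are assumptions based on Microsoft's KB5014754 article, and the 30-day window is an arbitrary choice.

```powershell
# Added example: read-only triage of KDC event ID 40 across all domain controllers.
# Needs the ActiveDirectory RSAT module, remote event log access and WinRM to the DCs.
Import-Module ActiveDirectory
$since  = (Get-Date).AddDays(-30)      # look-back window (assumed value)
$kdcKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\Kdc'
$dcs    = Get-ADDomainController -Filter *

$report = foreach ($dc in $dcs) {
    try {
        $hits = Get-WinEvent -ComputerName $dc.HostName -ErrorAction Stop -FilterHashtable @{
            LogName = 'System'; Id = 40; StartTime = $since
        } | Where-Object { $_.ProviderName -match 'Kerberos-Key-Distribution-Center|Kdcsvc' }
    }
    catch {
        # "No events found" is the healthy result; warn only on real failures.
        if ($_.FullyQualifiedErrorId -notlike 'NoMatchingEventsFound*') {
            Write-Warning "$($dc.HostName): $($_.Exception.Message)"
        }
        continue
    }
    foreach ($e in $hits) {
        # Split the "Name: value" lines of the event text (field names are assumptions).
        $f = @{}
        foreach ($line in ($e.Message -split '\r?\n')) {
            if ($line -match '^\s*([^:]+):\s*(.+)$') { $f[$Matches[1].Trim()] = $Matches[2].Trim() }
        }
        [pscustomobject]@{
            Time = $e.TimeCreated; DC = $e.MachineName; User = $f['User']
            Thumbprint     = $f['Certificate Thumbprint']
            Issued         = $f['Certificate Issuance Time']
            AccountCreated = $f['Account Creation Time']
        }
    }
}

# One row per user and certificate, with first and last sighting, for case-by-case review.
$report | Group-Object User, Thumbprint | ForEach-Object {
    [pscustomobject]@{
        User = $_.Group[0].User; Thumbprint = $_.Group[0].Thumbprint; Count = $_.Count
        First = ($_.Group.Time | Measure-Object -Minimum).Minimum
        Last  = ($_.Group.Time | Measure-Object -Maximum).Maximum
    }
} | Format-Table -AutoSize

# Current CertificateBackdatingCompensation on each DC (empty value = not configured).
Invoke-Command -ComputerName $dcs.HostName -ScriptBlock {
    $p = Get-ItemProperty -Path $using:kdcKey -ErrorAction SilentlyContinue
    [pscustomobject]@{ BackdatingCompensation = $p.CertificateBackdatingCompensation }
} | Select-Object PSComputerName, BackdatingCompensation
```

`$report` keeps the issuance and account-creation times from each event, which is the pair to compare when investigating an individual hit.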
Based on the way Axiad Cloud and Axiad UCMS are architected, the risks identified in KB5014754 are greatly reduced. Certificate issuance through Axiad is tightly controlled and users are not able to manipulate certificate attributes during the issuance process. However, any certificates that are issued outside of the Axiad solutions may be subject to the risks identified in KB5014754. Even though the Axiad solutions minimize the identified risks, we will update the certificate issuance process to accommodate the new strong mapping requirements from Microsoft.
We are still finalizing the required changes to the Axiad solutions to accommodate the changes brought forth by KB5014754. Here is a brief update. Axiad is targeting a product enhancement for the end of September 2022 to support the issuance of user certificates with this new SID attribute. This will allow new certificates and renewed certificates issued through Axiad to comply with the strong mapping requirement from Microsoft. But, this only solves the problem for new certificates or certificates that will be renewed before the May 2023 date that Microsoft is imposing with the KB5014754 update. To accommodate the certificates that will not be renewed before the May 2023 date, we will provide the following:
- An export of the existing user certificates that do not contain the SID attribute (or a script to run to export the user certificates, in the case of on-premises customers)
- A script that can be used to import the certificate data into Active Directory
- Importing the certificate data into Active Directory will eliminate the need to bulk renew any user certificates that are set to expire after the May 2023 date.
- For machine certificates that were issued through Axiad, we will provide an update in September.
This topic is a priority for Axiad and we will continue to track this issue with Microsoft and provide updates as new information becomes available.