Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Impact of 2020 LDAP channel binding and LDAP signing requirement for Windows on Trend Micro InterScan Messaging Security Virtual Appliance and InterScan Messaging Security Suite

    • Updated:
    • 7 Feb 2020
    • Product/Version:
    • InterScan Messaging Security Suite 7.5
    • InterScan Messaging Security Suite 9.1
    • Interscan Messaging Security Virtual Appliance 9.1
    • Platform:
    • N/A
Summary

According to a Microsoft article, Microsoft intends to release a security update on Windows Update to enable LDAP channel binding and LDAP signing hardening changes. This update is anticipated to be available in March 2020.

After the hardening changes, Microsoft Active Directory server will reject LDAP simple binds.

Details
Public

The following products using Microsoft Windows LDAP service will be affected by the said update:

  • InterScan Messaging Security Virtual Appliance (IMSVA) 9.1
  • InterScan Messaging Security Suite (IMSS) 9.1 Linux
  • InterScan Messaging Security Suite (IMSS) 7.5 Windows

Below are the details of the impact:

  1. All IMSVA and IMSS versions support LDAP simple bind. If LDAP simple bind is configured on IMSVA or IMSS, after the hardening changes, LDAP related features will stop working.
  2. IMSVA 9.1 and IMSS 9.1 Linux users can mitigate the issue by following this Trend Micro article to enable encrypted communication between InterScan Messaging Security and LDAP server.
  3. IMSS 7.5 Windows only supports LDAP simple bind. If IMSS 7.5 Windows users need to continue using LDAP related features, they need to manually disable the LDAP channel binding and LDAP signing hardening changes made by the update.

IMSVA 9.1, IMSS 9.1 Linux, and IMSS 7.5 Windows using Domino LDAP and Open LDAP will not be impacted.

Recommended Action

We strongly advise administrators to enable LDAP channel binding and LDAP signing between now and March 2020 to find and fix IMSVA and IMSS compatibility issues. If any compatibility issue is found, administrators will need to contact Trend Micro for support.

Premium
Internal
Rating:
Category:
Troubleshoot
Solution Id:
000240747
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.