<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<style type="text/css" style="display:none;"> P {margin-top:0;margin-bottom:0;} </style>
</head>
<body dir="ltr">
<div class="elementToProof" style="font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 11pt; color: rgb(0, 0, 0);">
[DocHelp to BCC, support on CC, SR ID on Subject]</div>
<div class="elementToProof" style="font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 11pt; color: rgb(0, 0, 0);">
<br>
</div>
<div class="elementToProof" style="font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 11pt; color: rgb(0, 0, 0);">
Hi Andrew,</div>
<div class="elementToProof" style="font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 11pt; color: rgb(0, 0, 0);">
<br>
</div>
<div class="elementToProof" style="font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 11pt; color: rgb(0, 0, 0);">
We have created SR 2404090040000814 to address the question about PAC signature changes. One of our engineers will respond. </div>
<div class="elementToProof" style="font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 11pt; color: rgb(0, 0, 0);">
<br>
</div>
<p><span style="font-family: Arial, sans-serif; font-size: 10pt; color: blue;">Best regards,</span><span style="font-family: Arial, sans-serif; font-size: 10pt; color: navy;"><b><br>
<i>Jeff M</i></b></span><span style="font-family: Arial, sans-serif; font-size: 10pt; color: rgb(0, 32, 96);"><b><i><sup>c</sup></i></b></span><span style="font-family: Arial, sans-serif; font-size: 10pt; color: navy;"><b><i>Cashland (He/him)
</i>| Senior Escalation Engineer<i> | Microsoft</i></b></span><span style="font-family: Arial, sans-serif; color: navy;"><b> </b></span><span style="font-family: Arial, sans-serif; font-size: 10pt; color: navy;"><b>Protocol Open Specifications Team</b></span></p>
<p><span style="font-family: Arial, sans-serif; font-size: 9pt; color: blue;">Phone: +1 (425) 703-8300 x38300 | Hours: 9am-5pm | Time zone: (UTC-08:00) Pacific Time (US and Canada)</span></p>
<p><span style="font-family: Arial, sans-serif; font-size: 8pt; color: blue;">Local country phone number found here:
</span><span style="font-family: Arial, sans-serif; font-size: 8pt; color: rgb(47, 84, 150);"><a href="http://support.microsoft.com/globalenglish" id="OWA2c550698-f0c4-23a7-8cf2-b4158f5fa0a6" class="OWAAutoLink" data-loopstyle="linkonly" style="margin-top: 0px; margin-bottom: 0px;">http://support.microsoft.com/globalenglish</a></span><span style="font-family: Arial, sans-serif; font-size: 8pt; color: blue;"> |
Extension 1138300</span></p>
<p> </p>
<div id="appendonsend"></div>
<hr style="display:inline-block;width:98%" tabindex="-1">
<div id="divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" style="font-size:11pt" color="#000000"><b>From:</b> Andrew Bartlett <abartlet@samba.org><br>
<b>Sent:</b> Monday, April 8, 2024 4:26 PM<br>
<b>To:</b> Interoperability Documentation Help <dochelp@microsoft.com><br>
<b>Cc:</b> cifs-protocol mailing list <cifs-protocol@lists.samba.org><br>
<b>Subject:</b> [EXTERNAL] Looking for missing documentation (MS-KILE?) for CVE-2024-21427, CVE-2024-20674 and PAC signature changes</font>
<div> </div>
</div>
<div style="text-align:left; direction:ltr">
<div>Kia Ora Dochelp,</div>
<div><br>
</div>
<div>Recently we have seen CVE-2024-21427 and CVE-2024-20674 issued.</div>
<div><br>
</div>
<div>The first <span style="font-size:14.666667px">CVE-2024-21427</span>, we know what the details are from our report, but we don't have details of the protocol change from the MS side, so would like the full details in case there were protocol changes we
didn't anticipate. </div>
<div><br>
</div>
<div>We don't have any details of the protocol changes for <span style="font-size:14.666667px">CVE-2024-20674, and as it is marked Critical we would like to ensure we don't have a similar issue or can follow any protocol changes made for interoperability. </span></div>
<div><span style="font-size:14.666667px"><br>
</span></div>
<div><span style="font-size:14.666667px">Finally, we have noticed in November (or earlier) that the Server signature in the Kerberos PAC is no longer RC4_HMAC, even with RC4 tickets. This makes a lot of sense, but I don't see any documentation and I would
like to update our implementation to match.</span></div>
<div><span style="font-size:14.666667px"><br>
</span></div>
<div>We would greatly appreciate any information that is available on these recent Kerberos protocol changes. </div>
<div><span style="font-size:14.666667px"><br>
</span></div>
<div><span style="font-size:14.666667px">Thanks,</span></div>
<div><span style="font-size:14.666667px"><br>
</span></div>
<div><span style="font-size:14.666667px">Andrew Bartlett</span></div>
<div><span>
<pre>-- <br></pre>
<div style="width:71ch">Andrew Bartlett (he/him) <a href="https://samba.org/~abartlet/" originalsrc="https://samba.org/~abartlet/" shash="mVcHf6uQlij70zWfp06LyVAHMA+MBGsIAjy0QFb7sNjMiTAk4EqaWsPpI0tF18LW4kS0AUeCzlzrMEjND0dIWFrFl6s9vhj8qEeC7p/GIEOlR0mzibJ08YClXj5gob5gAGAcgBlpLLYYJGr5IA6gimXm0diO8BuO3jn9UxFTeHY=" originalsrc="https://samba.org/~abartlet/" shash="RfjkY4Hlu2W6uUYGxfcADg10HYtOXCmcX1h3Fdau2yx8CMs8eqyqwUQZ4iwv+IfnxT/Db6Ia1gyFeqE9Hca1ijJ97x3Vl5qSVrHyR5Fsmw++jUrPlEGAeEKwMO0S5PWq4t36EKfSrCajC/737zkijajM00MzHm4XhOe3aYn9X9w=">https://samba.org/~abartlet/</a></div>
<div data-evo-signature-plain-text-mode="" style="width:71ch">Samba Team Member (since 2001)
<a href="https://samba.org/" originalsrc="https://samba.org/" shash="Mkztqr4WsdIwh7pL/YvYxpjWJE22loVGoHkOlWkhR5KKJNGsL36QSWdPCASnrVawx7EmVG1c/B+CjbGF+AjC/aStWv3tY6s7mDhzRYzXOoVdqvnwlJK8qmoZCQH39Qp5Py9qAzyjwOMVhQWAlZrzeahdDF5jvjhuyMi5c4uh7ts=" originalsrc="https://samba.org/" shash="j9ayiKdh1sr7l0hiMYTJK6vyz6/xf4V8nfPYoCfnpRCzjBj1m1Re2VZW1xUUhsFSnuKByBWxq75sUg4RipDGIEnYaEQFunbPsRbkCa3FeKQc7FRr6leDduFxXUteXAUY9GZcuz5BNe4luT0Zvxk42CTqAD7QJQnbFk9+/ny4aek=">
https://samba.org</a></div>
<div data-evo-signature-plain-text-mode="" style="width:71ch">Samba Team Lead <a href="https://catalyst.net.nz/services/samba" originalsrc="https://catalyst.net.nz/services/samba" shash="SuTF7Zdp8FS99TMCWeKZHaItcOOmsWSoJsB8Gt6imJ1/06sbxSsCjUtx/HFR+4WvnJ/a4NDRW8A6YkcronscJ1d/Di0mqL8zr1AGY/XIsaSaVNW2bTxAeKY3hLG/gTiSYqZbrsWpct7bLTCd+qxestRGaoRlziCkVNEqfXfjwjI=" originalsrc="https://catalyst.net.nz/services/samba" shash="rOQexcs6EAtPhAItSGPIIPQRk0+A7h2p5B9ki2O6dx3H972ns6/gAySANKQESJbyJhGWUDYdui8bdubgwp3y2tS+hWKF6KFidSkBqxt5I5BS3bB+ky0HdcXEYy/OtqYXtoOZakG4krGar/NDvQ1LIvBvUglFGcIaA+psVN9d7O0=">https://catalyst.net.nz/services/samba</a></div>
<div data-evo-signature-plain-text-mode="" style="width:71ch"><span style="font-size:17.333334px">Catalyst.Net Ltd</span></div>
<div data-evo-signature-plain-text-mode="" style="width:71ch"><span style="font-size:17.333334px"><br>
</span></div>
<div data-evo-signature-plain-text-mode="" style="width:71ch">Proudly developing Samba for Catalyst.Net Ltd - a Catalyst IT group company</div>
<div data-evo-signature-plain-text-mode="" style="width:71ch"><br>
</div>
<div data-evo-signature-plain-text-mode="" style="width:71ch">Samba Development and Support:
<a href="https://catalyst.net.nz/services/samba" originalsrc="https://catalyst.net.nz/services/samba" shash="psQaT+xy50XBjeYHzQPzupuGIEMhQSxJsoadWepfMjvl2toRDOyu+UdlZFScGjEjRvbEAM8vragF4dxGowcQPoN7ru0dg5Ipe1/m8SnOcJdKZuiQ1TI1RQg8Am6+zUJPR5nS5e6+W7UQUpwwZZ240CLbXIfiMO5DURj+OYl45J8=" originalsrc="https://catalyst.net.nz/services/samba" shash="rOQexcs6EAtPhAItSGPIIPQRk0+A7h2p5B9ki2O6dx3H972ns6/gAySANKQESJbyJhGWUDYdui8bdubgwp3y2tS+hWKF6KFidSkBqxt5I5BS3bB+ky0HdcXEYy/OtqYXtoOZakG4krGar/NDvQ1LIvBvUglFGcIaA+psVN9d7O0=">
https://catalyst.net.nz/services/samba</a></div>
<div data-evo-signature-plain-text-mode="" style="width:71ch"><br>
</div>
<div data-evo-signature-plain-text-mode="" style="width:71ch">Catalyst IT - Expert Open Source Solutions</div>
<div data-evo-signature-plain-text-mode="" style="width:71ch"><br>
</div>
<div data-evo-signature-plain-text-mode="" style="width:71ch"><br>
</div>
</span></div>
</div>
</body>
</html>