Windows Patch for RPC Sealing and Samba for ReadyNAS 4220S

Question

I have a ReadyNAS 4220S running 6.9.3 that is being used for SMB shares.

The problem we just found out is that Microsoft is patching RPC authentication to stop RPC Signing and only allow RPC Sealing, CVE-2022-38023. Multiple of our other NAS vendors have been jumping on this as this a huge change.

Also, Samba released this statement, https://www.samba.org/samba/security/CVE-2022-38023.html, and these versions, Samba 4.15.13, 4.16.8 and 4.17.4, and later are patched to fix this issue.

I cannot find any updates or release notes that mention being ready for this issue or not. Is this issue not affecting ReadyNAS or is it still being worked to resolve this issue?

Any help would be greatly appreciated.

JayLim77 · Answer

The patch from Microsoft will be applied next month and was hoping someone might know if ReadyNAS 4220S is or will be patched and is or is not vulnerable to having issues with the change by Microsoft.

AnkitGH · Answer

Hello&nbsp;JayLim77&nbsp;&nbsp;And welcome to the NETGEAR Community! 🙂&nbsp;Yes, Microsoft have released its initial security deployment it is in initial deployment phase and it is released in Nov 8 2022.And as you mentioned the patch will be enforced soon.&nbsp;And ReadyNAS updated firmware version is 6.10.8 and it will not probably update the version in near future.&nbsp;Please keep the device in the updated firmware to avoid the vulnerabilities.&nbsp;Probably it is will not affect the NAS in which the change by the Microsoft.&nbsp;If your issue is resolved please&nbsp;close the thread by clicking "Accept as solution".Have a lovely day,AnkitGHNetgear Team

Sandshark · Answer

AnkitGH&nbsp;wrote:Hello&nbsp;JayLim77&nbsp;&nbsp;Probably it is will not affect the NAS in which the change by the Microsoft.&nbsp;Your best answer is probably it won't affect the NAS?&nbsp; That just won't do.&nbsp; From what I have read, it very much will affect anyone using AD integration to access the NAS, which I assume the original poster is doing.&nbsp;

JayLim77 · Answer

Thanks&nbsp;Sandshark that is exactly what I am doing.&nbsp;The ReadyNAS is connected to AD and using security groups for its SMB Shares.&nbsp;We have worked with Synology, NetApp, Hitachi HNAS, 45Drives with TrueNAS, and Samba based Unix-like systems. All of them are jumping in to get a fix out, or already have, before the change is applied in July by Microsoft.&nbsp;This is a major issue as all access will be lost by AD based users. From the response it looks like Netgear does not have fix for ReadyNAS and that will mean any and all of these systems connected to AD will stop working.

Sandshark · Answer

Every indication is that Netgear is silently exiting the NAS business and just leaving it's customers hanging.&nbsp; I think you should go on the assumption that Netgear will do nothing.&nbsp; If that's not the case, you'll be pleasantly surprised.&nbsp; Better that than caught with your pants down when the patch is implemented.&nbsp;The NAS will not cease to work, but you'll have to change from AD to local access control.&nbsp; Depending on how many users that is, it could be a daunting task.&nbsp; Can you re-purpose your Netgear products as backup only, so not as many need access?&nbsp; Unfortunately, I have no idea how to migrate from AD integration.&nbsp;Another option is installing a generic Linux system since it's basically just an Intel-based motherboard.&nbsp; The best way to do that is to temporarily remove the 10GBE card and install a video card.&nbsp; Once you've installed and set things up for headless operation, you can swap back in the Ethernet card.&nbsp; I have read that a DisplyLink USB video adapter has Linux support.&nbsp; So if you need to maintain a display, you could see about using one of them.

Forum Discussion

Windows Patch for RPC Sealing and Samba for ReadyNAS 4220S

9 Replies

Related Content

SOLVED: ReadyNAS Backups of new Windows 11 PC

Cannot access ReadyNAS Duo from Windows 11

Difficulty accessing Readynas with windows explorer

aggiornamento Windows 10 ReadyNAS duo

WINDOWS CANNOT ACCESS \\READYNAS

NETGEAR Academy

ProSupport for Business