Eprint

About the impact of Microsoft Windows update program installed in March 2020 on Fuji Xerox’s products

January 10, 2020

To our customers,

We sincerely thank you for your continued support of our products.

With reference to the Security Advisory ADV190023 published by Microsoft Corporation in August 2019, according to the information as of December 17, 2019, a Windows update program is scheduled to be released in March 2020 to enhance the security of the LDAP communication.

Please refer to the following URL for the information of Microsoft Corp. about ADV190023.

https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV190023

https://support.microsoft.com/en-us/help/4520412/2020-ldap-channel-binding-and-ldap-signing-requirement-for-windows

In an environment where this update program is installed, the use of our company’s multifunction devices, printers, production printers, wide-format printers, and software products may be affected.

Please refer to the descriptions below and if the use of the product is affected, please implement the workaround.

[Windows environment conditions]

When Active Directory Domain Services (AD DS) or Active Directory Lightweight Directory Services (AD LDS) is used in the following Windows:

Windows 7 Service Pack 1

Windows 8.1

Windows 10 (Version 1507)

Windows 10 November Update (Version 1511)

Windows 10 Anniversary Update (Version 1607)

Windows 10 Creators Update (Version 1703)

Windows 10 Fall Creators Update (Version 1709)

Windows 10 April 2018 Update (Version 1803)

Windows 10 October 2018 Update (Version 1809)

Windows 10 May 2019 Update (Version 1903)

Windows 10 November 2019 Update (Version 1909)

 

Windows Server 2008 Service Pack 2

Windows Server 2008 R2 Service Pack 1

Windows Server 2012

Windows Server 2012 R2

Windows Server 2016

Windows Server 2019

 

[Target products, environment conditions and symptom, and workaround]

Multifunction devices, printers, production printers, wide-format printers

          Target products

Products that support LDAP.

Please refer to the following for the product list.

Product list (plist_en.pdf)

 

Environment conditions and symptom

The following may occur if users are using the external authentication or the Remote Address Book. An authentication error may occur when using the external authentication, or users may sometimes fail to obtain user information.

Users may sometimes fail to obtain information of the Remote Address Book.

 

Workaround

The symptom can be avoided by performing LDAPS communication from the device to the Active Directory. Please refer to the descriptions below for how to change settings of our products.

As for Windows server, users may be required to change settings for LDAPS. Please take action in accordance with the information provided by Microsoft.

Procedure to change settings for multifunction devices, printers, production printers (mfp_en.pdf)

Procedure to change settings for printers (printer_en.pdf)

Procedure to change settings for printers2 (printer2_en.pdf)

Procedure to change settings for wide-format printers (widef_en.pdf)

 

ApeosWare Management Suite

 

Target products

ApeosWare Management Suite 2

ApeosWare Management Suite 1.4

 

Environment conditions and symptom

If users have obtained user information or set the user authentication by performing communication with Active Directory, users may sometimes fail to obtain user information, or the user authentication may fail.   

 

Workaround

The symptom can be avoided by performing LDAPS communication from the device to the Active Directory. If users have already been using the LDAPS communication, the use of the product is not affected.

Please refer to the procedure below to enable the LDAPS communication on each product.

Procedure to change settings for ApeosWare Management Suite 2 (awms2_en.pdf)

Procedure to change settings for ApeosWare Management Suite 1.4 (awms1_en.pdf)

 

ApeosWare Image Log Management

 

Target product

ApeosWare Image Log Management

 

Environment conditions and symptom

If users have obtained user information or set the user authentication by performing communication with Active Directory, users may sometimes fail to obtain user information, or the user authentication may fail.

 

Workaround

The symptom can be avoided by performing LDAPS communication from the device to the Active Directory. If users have already been using the LDAPS communication, the use of the product is not affected.

Please refer to the procedure below to enable LDAPS communication.

Procedure to change settings for ApeosWare Image Log Management (awilm_en.pdf)

 

Device Log Service

 

Target product

Device Log Service

 

Environment conditions and symptom

If users have set the synchronization with LDAP server, communication with the LDAP server cannot be performed and user information cannot be updated. When user information managed in the LDAP server is changed, Device Log Service cannot perform counting correctly.

 

Workaround

The symptom can be avoided by performing SSL/TLS communication with LDAP server.

Please refer to the procedure below to avoid the symptom.

Procedure to change settings for Device Log Service (dls_en.pdf)

 

DocuShare

 

Target products

DocuShare 6.6

DocuShare 6.6.1

DocuShare 7.0

 

Environment conditions and symptom

If users have obtained user information or set the user authentication by performing communication with Active Directory, users may sometimes fail to obtain user information, or the user authentication may fail.  

 

Workaround

The symptom can be avoided by performing LDAPS communication from the device to the Active Directory. If users have already been using the LDAPS communication, the use of the product is not affected.

  Procedure to change settings for DocuShare (docushare_en.pdf)