Executive Summary
Summary | |
---|---|
Title | Microsoft Security Advisory 3045755 |
Informations | |||
---|---|---|---|
Name | KB3045755 | First vendor Publication | 2015-04-14 |
Vendor | Microsoft | Last vendor Modification | 1970-01-01 |
Severity (Vendor) | N/A | Revision | 1.0 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : | |||
---|---|---|---|
Cvss Base Score | Not Defined | Attack Range | Not Defined |
Cvss Impact Score | Not Defined | Attack Complexity | Not Defined |
Cvss Expoit Score | Not Defined | Authentication | Not Defined |
Calculate full CVSS 2.0 Vectors scores |
Detail
Microsoft Security Advisory 3045755Update to Improve PKU2U AuthenticationPublished: April 14, 2015 Version: 1.0
|
Operating System |
Windows 8.1 for 32-bit Systems |
Windows 8.1 for x64-based Systems |
Windows Server 2012 R2 |
Windows RT 8.1 |
Server Core installation option |
Windows Server 2012 R2 (Server Core installation) |
Advisory FAQ
What is the scope of the advisory?
The purpose of this advisory is to notify customers that a defense-in-depth update is available that improves the authentication used by the Public Key Cryptography User-to-User (PKU2U) security support provider (SSP) in Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1. The improvement is part of ongoing efforts to bolster the effectiveness of security controls in Windows.
What is defense-in-depth?
In information security, defense-in-depth refers to an approach in which multiple layers of defense are in place to help prevent attackers from compromising the security of a network or system.
What is PKU2U?
Public Key Cryptography User-to-User (PKU2U) is a security support provider (SSP) protocol that enables peer-to-peer authentication, particularly through the Windows media- and file-sharing feature called HomeGroup, which permits sharing between computers that are not members of a domain.
What does the update do?
The update improves certain authentication scenarios for PKU2U. After applying this defense-in-depth update, PKU2U will no longer authenticate to a Windows Live ID (WLID) if an initial authentication attempt fails.
Acknowledgments
Microsoft thanks the following for working with us to help protect customers:
- Jerry Decime, Hewlett Packard, for working with us on this issue
Other Information
Feedback
- You can provide feedback by completing the Microsoft Help and Support form, Customer Service Contact Us.
Support
- Customers in the United States and Canada can receive technical support from Security Support. For more information, see Microsoft Help and Support.
- International customers can receive support from their local Microsoft subsidiaries. For more information, see International Support.
- Microsoft TechNet Security provides additional information about security in Microsoft products.
Disclaimer
The information provided in this advisory is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
Revisions
- V1.0 (April 14, 2015): Advisory published.
Original Source
Url : http://www.microsoft.com/technet/security/advisory/3045755.mspx |
Alert History
Date | Informations |
---|---|
2015-06-15 13:27:30 |
|