Executive Summary

Summary
Title Microsoft Security Advisory 3083992
Informations
NameKB3083992First vendor Publication2015-09-08
VendorMicrosoftLast vendor Modification1970-01-01
Severity (Vendor) N/ARevision1.0

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base ScoreN/AAttack RangeN/A
Cvss Impact ScoreN/AAttack ComplexityN/A
Cvss Expoit ScoreN/AAuthenticationN/A
Calculate full CVSS 2.0 Vectors scores

Detail

Microsoft Security Advisory 3083992

Update to Improve AppLocker Publisher Rule Enforcement

Published: September 8, 2015

Version: 1.0

Executive Summary

Microsoft is announcing the availability of a defense-in-depth update that improves the enforcement of publisher rules by Windows AppLocker in Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 8.1, and Windows Server 2012 R2. The improvement is part of ongoing efforts to bolster the effectiveness of AppLocker controls in Windows.

Available Updates

The update released on September 8, 2015:

  • Microsoft released an update (3083992) for all supported editions of Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 8.1, and Windows Server 2012 R2. The update is available on the Download Center as well as the Microsoft Update Catalog for all affected software. It is also offered via automatic updating and through the Microsoft Update service. For more information, see Microsoft Knowledge Base Article 3083992.

    Synopsis of functionality added by the update
    The update improves certain publisher rule scenarios for AppLocker. After applying this defense-in-depth update, AppLocker will no longer use the current users certificate store for publisher rules.

Affected Software

This advisory discusses the following software.

Operating System

Windows 7 for 32-bit Systems Service Pack 1

Windows 7 for x64-based Systems Service Pack 1

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 R2 for Itanium-based Systems Service Pack 1

Windows 8 for 32-bit Systems

Windows 8 for x64-based Systems

Windows 8.1 for 32-bit Systems

Windows 8.1 for x64-based Systems

Windows Server 2012

Windows Server 2012 R2

Server Core installation option

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Advisory FAQ

What is the scope of the advisory?
The purpose of this advisory is to notify customers that a defense-in-depth update is available that improves the enforcement of publisher rules by AppLocker in Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 8.1, and Windows Server 2012 R2. The improvement is part of ongoing efforts to bolster the effectiveness of AppLocker controls in Windows.

What is defense-in-depth?
In information security, defense-in-depth refers to an approach in which multiple layers of defense are in place to help prevent attackers from compromising the security of a network or system.

What is AppLocker?
AppLocker advances the features and functionality of Software Restriction Policies. AppLocker contains new capabilities and extensions that allow you to create rules to allow or deny applications from running based on unique identities of files and to specify which users or groups can run those applications.

What does the update do?
The update corrects how AppLocker handles certificates to prevent bypassing publisher rules.

Other Information

Microsoft Active Protections Program (MAPP)

To improve security protections for customers, Microsoft provides vulnerability information to major security software providers in advance of each monthly security update release. Security software providers can then use this vulnerability information to provide updated protections to customers via their security software or devices, such as antivirus, network-based intrusion detection systems, or host-based intrusion prevention systems. To determine whether active protections are available from security software providers, please visit the active protections websites provided by program partners, listed in Microsoft Active Protections Program (MAPP) Partners.

Feedback

  • You can provide feedback by completing the Microsoft Help and Support form, Customer Service Contact Us.

Support

  • Customers in the United States and Canada can receive technical support from Security Support. For more information, see Microsoft Help and Support.
  • International customers can receive support from their local Microsoft subsidiaries. For more information, see International Support.
  • Microsoft TechNet Security provides additional information about security in Microsoft products.

Disclaimer

The information provided in this advisory is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

Revisions

  • V1.0 (September 8, 2015): Advisory published.

Page generated 2015-09-03 12:46-07:00.

Original Source

Url : http://www.microsoft.com/technet/security/advisory/3083992.mspx

Alert History

If you want to see full details history, please login or register.
0
DateInformations
2016-04-09 13:21:13
  • First insertion