Executive Summary

Summary
Title Updates to Improve Remote Desktop Protocol Network-level Authentication
Informations
Name KB2861855 First vendor Publication 2013-08-13
Vendor Microsoft Last vendor Modification 1970-01-01
Severity (Vendor) N/A Revision 1.0

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score Not Defined Attack Range Not Defined
Cvss Impact Score Not Defined Attack Complexity Not Defined
Cvss Expoit Score Not Defined Authentication Not Defined
Calculate full CVSS 2.0 Vectors scores

Detail

General Information

Executive Summary

Microsoft is announcing the availability of updates as part of ongoing efforts to improve Network-level Authentication in the Remote Desktop Protocol. Microsoft will continue to announce additional updates via this advisory, all aimed at bolstering the effectiveness of security controls in Windows.

Available Updates

The update released on August 13, 2013:

  • Microsoft released an update (2861855) for all supported editions of Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2. The update is available on the Download Center as well as the Microsoft Update Catalog for all affected software. It is also offered via automatic updating and through the Microsoft Update service. For more information, see Microsoft Knowledge Base Article 2861855.

    Synopsis of functionality added by the update
    The update adds defense-in-depth measures to the Network Level Authentication (NLA) technology within the Remote Desktop Protocol in Microsoft Windows.

Affected Software

This advisory discusses the following software.

Operating System
Affected Software
Windows Vista Service Pack 2
Windows Vista x64 Edition Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for Itanium-based Systems Service Pack 2
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
Server Core installation option
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Non-Affected Software
Windows XP Service Pack 3
Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems
Windows 8 for 32-bit Systems
Windows 8 for 64-bit Systems
Windows Server 2012
Windows RT
Server Core installation option
Windows Server 2012 (Server Core installation)

Frequently Asked Questions

What is Network Level Authentication (NLA)?
Network Level Authentication (NLA) is an authentication method that can be used to enhance Remote Desktop Session Host server security by requiring that the user be authenticated to the Remote Desktop Session Host server before a session is created. Network Level Authentication completes user authentication before you establish a remote desktop connection and the logon screen appears.

What is defense-in-depth?
In information security, defense-in-depth refers to an approach in which multiple layers of defense are in place to help prevent attackers from compromising the security of a network or system.

Original Source

Url : http://www.microsoft.com/technet/security/advisory/2861855.mspx

Alert History

If you want to see full details history, please login or register.
0
1
Date Informations
2014-02-17 11:38:42
  • Multiple Updates
2013-09-18 17:10:43
  • First insertion