Microsoft also released a new Security Advisory in this month’s version of “Patch Tuesday”.
Microsoft Security Advisory (973811)
Extended Protection for Authentication
This security advisory includes a new feature that adds additional security measures. Microsoft noted that this is an optional configuration. You should visit the security advisory page and research whether this new feature applies to your network. It is important to note that the security advisory was not released to address a known vulnerability.
Security advisories are not new to the patching industry. Microsoft has released advisories as a temporary protection measure for users while the patch is being programmed and ultimately released to the public. In the past, Microsoft described manual workarounds for temporary protection against known vulnerabilities. These work arounds primary dealt with program settings and registry tweaks. Deploying registry tweaks in mass to large corporate network can cause quite a bit of pain for administrators. In response a couple of months ago, Microsoft started releasing “FixIt” tool patches. These patches allowed patch management vendors the ability to aid administrators in the security advisory deployments.
But with this advisory, Microsoft released the patch as a non-security patch. You can find the patch(es) here:
Windows Server 2003; Windows Server 2003 Service Pack 1; Windows Server 2003 Service Pack 2
Windows Server 2003 x64; Windows Server 2003 Service Pack 2 x64
Windows Server 2003 Service Pack 2 x64; Windows XP Professional x64
Windows Server 2008 x64
Windows XP Service Pack 2; Windows XP Service Pack 3
Windows Vista x64 Service Pack 1; Windows Vista x64 Service Pack 2
Windows Server 2008
Windows Vista; Windows Vista Service Pack 1; Windows Vista Service Pack 2
If you are running Windows 7 or Windows 2008 R2, this new technology has already been implemented and no action is required.
After deploying this patch, manual intervention is need on each machine. In order to enable this technology, registry tweaks are required. More details on this process can be found on the Security Advisory page under “How do I enable this feature?”.
We will be looking at adding support for this non-security patch later this week.