SANS ISC InfoSec Handlers Diary Blog



Microsoft re-release of KB973811 - attacks on Extended Protection for Authentication

Published: 2010-03-10
Last Updated: 2010-03-11 22:38:01 UTC
by Rob VandenBrink (Version: 1)

Yesterday Microsoft re-released KB973811 ==> http://www.microsoft.com/technet/security/advisory/973811.mspx

This relates back to the original KB973917 ==> http://support.microsoft.com/kb/973917

and advisory MS09-071 ==> http://www.microsoft.com/technet/security/bulletin/ms09-071.mspx

This affects the Extended Protection for Authentication functions within XP, Vista and Server 2003 ==> http://support.microsoft.com/kb/968389

It didn't show up in yesterday's Patch Tuesday review because Microsoft is classifying it as a "non-security upgrade". This is confusing to me, because the update actually includes mitigation against a credential forwarding attack, which you might see on an unencrypted, unsigned connection (yes, there's still a lot of that going around!).

This update affects XP, Vista and Server 2003.  Windows 7 and Server 2008 R2 are not affected.

Thanks to our readers for letting us know about this one. I'm still puzzled as to why this wasn't on Microsoft's list of security updates ...

=============== Rob VandenBrink Metafore ===============
