Microsoft Security Advisory 3083992

Update to Improve AppLocker Publisher Rule Enforcement

Published: September 8, 2015

Version: 1.0

Microsoft is announcing the availability of a defense-in-depth update that improves the enforcement of publisher rules by Windows AppLocker in Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 8.1, and Windows Server 2012 R2. The improvement is part of ongoing efforts to bolster the effectiveness of AppLocker controls in Windows.

The update released on September 8, 2015:

  • Microsoft released an update (3083992) for all supported editions of Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 8.1, and Windows Server 2012 R2. The update is available on the Download Center as well as the Microsoft Update Catalog for all affected software. It is also offered via automatic updating and through the Microsoft Update service. For more information, see Microsoft Knowledge Base Article 3083992.

    Synopsis of functionality added by the update 
    The update improves certain publisher rule scenarios for AppLocker. After applying this defense-in-depth update, AppLocker will no longer use the current user’s certificate store for publisher rules.

This advisory discusses the following software.

Operating System

Windows 7 for 32-bit Systems Service Pack 1

Windows 7 for x64-based Systems Service Pack 1

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 R2 for Itanium-based Systems Service Pack 1

Windows 8 for 32-bit Systems

Windows 8 for x64-based Systems

Windows 8.1 for 32-bit Systems

Windows 8.1 for x64-based Systems

Windows Server 2012

Windows Server 2012 R2

Server Core installation option

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

What is the scope of the advisory? 
The purpose of this advisory is to notify customers that a defense-in-depth update is available that improves the enforcement of publisher rules by AppLocker in Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 8.1, and Windows Server 2012 R2. The improvement is part of ongoing efforts to bolster the effectiveness of AppLocker controls in Windows.

What is defense-in-depth? 
In information security, defense-in-depth refers to an approach in which multiple layers of defense are in place to help prevent attackers from compromising the security of a network or system.

What is AppLocker? 
AppLocker advances the features and functionality of Software Restriction Policies. AppLocker contains new capabilities and extensions that allow you to create rules to allow or deny applications from running based on unique identities of files and to specify which users or groups can run those applications.

What does the update do? 
The update corrects how AppLocker handles certificates to prevent bypassing publisher rules.

Microsoft Active Protections Program (MAPP)

To improve security protections for customers, Microsoft provides vulnerability information to major security software providers in advance of each monthly security update release. Security software providers can then use this vulnerability information to provide updated protections to customers via their security software or devices, such as antivirus, network-based intrusion detection systems, or host-based intrusion prevention systems. To determine whether active protections are available from security software providers, please visit the active protections websites provided by program partners, listed in Microsoft Active Protections Program (MAPP) Partners.

Feedback

Support

Disclaimer

The information provided in this advisory is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

Revisions

  • V1.0 (September 8, 2015): Advisory published.

Page generated 2015-09-03 12:46-07:00.
Show: