Microsoft Security Advisory 2861855
Updates to Improve Remote Desktop Protocol Network-level Authentication
Published: August 13, 2013
Microsoft is announcing the availability of updates as part of ongoing efforts to improve Network-level Authentication in the Remote Desktop Protocol. Microsoft will continue to announce additional updates via this advisory, all aimed at bolstering the effectiveness of security controls in Windows.
The update released on August 13, 2013:
- Microsoft released an update (2861855) for all supported editions of Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2. The update is available on the Download Center as well as the Microsoft Update Catalog for all affected software. It is also offered via automatic updating and through the Microsoft Update service. For more information, see Microsoft Knowledge Base Article 2861855.
Synopsis of functionality added by the update
The update adds defense-in-depth measures to the Network Level Authentication (NLA) technology within the Remote Desktop Protocol in Microsoft Windows.
This advisory discusses the following software.
|Windows Vista Service Pack 2|
|Windows Vista x64 Edition Service Pack 2|
|Windows Server 2008 for 32-bit Systems Service Pack 2|
|Windows Server 2008 for x64-based Systems Service Pack 2|
|Windows Server 2008 for Itanium-based Systems Service Pack 2|
|Windows 7 for 32-bit Systems Service Pack 1|
|Windows 7 for x64-based Systems Service Pack 1|
|Windows Server 2008 R2 for x64-based Systems Service Pack 1|
|Windows Server 2008 R2 for Itanium-based Systems Service Pack 1|
|Server Core installation option|
|Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)|
|Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)|
|Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)|
|Windows XP Service Pack 3|
|Windows XP Professional x64 Edition Service Pack 2|
|Windows Server 2003 Service Pack 2|
|Windows Server 2003 x64 Edition Service Pack 2|
|Windows Server 2003 with SP2 for Itanium-based Systems|
|Windows 8 for 32-bit Systems|
|Windows 8 for 64-bit Systems|
|Windows Server 2012|
|Server Core installation option|
|Windows Server 2012 (Server Core installation)|
What is Network Level Authentication
Network Level Authentication (NLA) is an authentication method that can be used to enhance Remote Desktop Session Host server security by requiring that the user be authenticated to the Remote Desktop Session Host server before a session is created. Network Level Authentication completes user authentication before you establish a remote desktop connection and the logon screen appears.
What is defense-in-depth?
In information security, defense-in-depth refers to an approach in which multiple layers of defense are in place to help prevent attackers from compromising the security of a network or system.
- You can provide feedback by completing the Microsoft Help and Support form, Customer Service Contact Us.
- Customers in the United States and Canada can receive technical support from Security Support. For more information about available support options, see Microsoft Help and Support.
- International customers can receive support from their local Microsoft subsidiaries. For more information about how to contact Microsoft for international support issues, visit International Support.
- Microsoft TechNet Security provides additional information about security in Microsoft products.
The information provided in this advisory is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
- V1.0 (August 13, 2013): Advisory published.
Built at 2014-04-18T13:49:36Z-07:00