Microsoft Security Advisory 3083992
Update to Improve AppLocker Publisher Rule Enforcement
Published: September 8, 2015
Version: 1.0
Executive Summary
Microsoft is announcing the availability of a defense-in-depth update that improves the enforcement of publisher rules by Windows AppLocker in Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 8.1, and Windows Server 2012 R2. The improvement is part of ongoing efforts to bolster the effectiveness of AppLocker controls in Windows.
Available Updates
The update released on September 8, 2015:
Microsoft released an update (3083992) for all supported editions of Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 8.1, and Windows Server 2012 R2. The update is available on the Download Center as well as the Microsoft Update Catalog for all affected software. It is also offered via automatic updating and through the Microsoft Update service. For more information, see Microsoft Knowledge Base Article 3083992.
Synopsis of functionality added by the update
The update improves certain publisher rule scenarios for AppLocker. After applying this defense-in-depth update, AppLocker will no longer use the current user’s certificate store for publisher rules.
Affected Software
This advisory discusses the following software.
| Operating System |
|---|
| Windows 7 for 32-bit Systems Service Pack 1 |
| Windows 7 for x64-based Systems Service Pack 1 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 |
| Windows Server 2008 R2 for Itanium-based Systems Service Pack 1 |
| Windows 8 for 32-bit Systems |
| Windows 8 for x64-based Systems |
| Windows 8.1 for 32-bit Systems |
| Windows 8.1 for x64-based Systems |
| Windows Server 2012 |
| Windows Server 2012 R2 |
| Server Core installation option |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) |
Advisory FAQ
What is the scope of the advisory?
The purpose of this advisory is to notify customers that a defense-in-depth update is available that improves the enforcement of publisher rules by AppLocker in Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 8.1, and Windows Server 2012 R2. The improvement is part of ongoing efforts to bolster the effectiveness of AppLocker controls in Windows.
What is defense-in-depth?
In information security, defense-in-depth refers to an approach in which multiple layers of defense are in place to help prevent attackers from compromising the security of a network or system.
What is AppLocker?
AppLocker advances the features and functionality of Software Restriction Policies. AppLocker contains new capabilities and extensions that allow you to create rules to allow or deny applications from running based on unique identities of files and to specify which users or groups can run those applications.
What does the update do?
The update corrects how AppLocker handles certificates to prevent bypassing publisher rules.
Other Information
Microsoft Active Protections Program (MAPP)
To improve security protections for customers, Microsoft provides vulnerability information to major security software providers in advance of each monthly security update release. Security software providers can then use this vulnerability information to provide updated protections to customers via their security software or devices, such as antivirus, network-based intrusion detection systems, or host-based intrusion prevention systems. To determine whether active protections are available from security software providers, please visit the active protections websites provided by program partners, listed in Microsoft Active Protections Program (MAPP) Partners.
Feedback
- You can provide feedback by completing the Microsoft Help and Support form, Customer Service Contact Us.
Support
- Customers in the United States and Canada can receive technical support from Security Support. For more information, see Microsoft Help and Support.
- International customers can receive support from their local Microsoft subsidiaries. For more information, see International Support.
- Microsoft TechNet Security provides additional information about security in Microsoft products.
Disclaimer
The information provided in this advisory is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
Revisions
- V1.0 (September 8, 2015): Advisory published.
Page generated 2015-09-03 12:46-07:00.