Security Advisory

Microsoft Security Advisory 914784

Update to Improve Kernel Patch Protection

Published: June 13, 2006

An update is available for Kernel patch protection included with X64-based Windows operating systems. Kernel patch protection protects code and critical structures in the Windows kernel from modification by unknown code or data. This update adds additional checks to this protection for increased reliability, performance, and security. For more information about this release, see Microsoft Knowledge Base Article 914784. We encourage customers running x64-based Windows operating systems to install this update. For more information about Kernel patch protection see the following Microsoft Web Site. For more information about the updates included in this release, see Microsoft Knowledge Base Article 914784.

General Information

Overview

Purpose of Advisory: To announce the availability of and to clarify the purpose of an update for kernel patch protection included with X64-based Windows operating systems.

Advisory Status: Microsoft Knowledge Base Article and associated update were released.

Recommendation: Review the referenced Knowledge Base Article and apply the Update as appropriate.

References Identification
Microsoft Knowledge Base Article 914784

This advisory discusses the following software.

Related Software
Microsoft Windows XP Professional x64 Edition
Microsoft Windows Server 2003 x64 Edition

Frequently Asked Questions

What is the scope of the advisory?
To announce the availability of and to clarify the purpose of an update for kernel patch protection included with X64-based Windows operating systems.

What is Kernel patch protection?
Kernel patch protection is a technology included with X64-based Windows operating systems that helps protect code and critical structures in the Windows kernel from being modified by unknown software or data, known as “kernel patching”. Kernel patch protection was implemented in these versions of Windows to help protect the integrity of the Windows kernel and, as a result, improve the overall reliability, performance, and security of Windows. For more information about Kernel patch protection see the following Microsoft Web Site.

Why is Microsoft releasing this update?
Microsoft is releasing this update to provide additional resiliency to the Kernel patch protection system.

Is this a security vulnerability that requires Microsoft to issue an update?
No. While this updates adds additional checks to Kernel patch protection system, it does not involve a security vulnerability. Known methods that allow the kernel to be patched on systems where Kernel patch protection is enabled require a system to already be compromised by an attacker.

How will Microsoft list this update on the Windows Update Web site?
The update for kernel patch protection is a high-priority update on the Windows Update Web site. On the Windows Update site it will be listed in the “High Priority” Updates category for customers that haven’t received the update already and are running the software listed above.

Should I install this update even if I have kept my X64-based Windows operating systems up to date?
Yes. While this update does not address any critical security vulnerabilities, the update does increase the reliability, performance, and security provided by kernel patch protection, as discussed on the following Microsoft Web Site.

Will this update be distributed over Automatic Updates?
Yes, this update is distributed over Automatic Updates to Windows Server 2003 x64 bases systems.

Suggested Actions

Review the Microsoft Knowledge Base Article and Kernel Patch Protection information that is associated with this advisory

We encourage customers running X64-based Windows operating systems to install this update. Customers who are interested in learning more about Kernel Patch protection should review the following Microsoft Web Site.

Other Information

Resources:

Disclaimer:

The information provided in this advisory is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

Revisions:

  • June 13, 2006: Advisory published

Built at 2014-04-18T13:49:36Z-07:00