Security Advisory
Microsoft Security Advisory 2861855
Updates to Improve Remote Desktop Protocol Network-level Authentication
Published: August 13, 2013
Version: 1.0
General Information
Executive Summary
Microsoft is announcing the availability of updates as part of ongoing efforts to improve Network-level Authentication in the Remote Desktop Protocol. Microsoft will continue to announce additional updates via this advisory, all aimed at bolstering the effectiveness of security controls in Windows.
Available Updates
The update released on August 13, 2013:
Microsoft released an update (2861855) for all supported editions of Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2. The update is available on the Download Center as well as the Microsoft Update Catalog for all affected software. It is also offered via automatic updating and through the Microsoft Update service. For more information, see Microsoft Knowledge Base Article 2861855.
Synopsis of functionality added by the update
The update adds defense-in-depth measures to the Network Level Authentication (NLA) technology within the Remote Desktop Protocol in Microsoft Windows.
Affected Software
This advisory discusses the following software.
Operating System |
---|
Affected Software |
Windows Vista Service Pack 2 |
Windows Vista x64 Edition Service Pack 2 |
Windows Server 2008 for 32-bit Systems Service Pack 2 |
Windows Server 2008 for x64-based Systems Service Pack 2 |
Windows Server 2008 for Itanium-based Systems Service Pack 2 |
Windows 7 for 32-bit Systems Service Pack 1 |
Windows 7 for x64-based Systems Service Pack 1 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 |
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1 |
Server Core installation option |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) |
Non-Affected Software |
---|
Windows XP Service Pack 3 |
Windows XP Professional x64 Edition Service Pack 2 |
Windows Server 2003 Service Pack 2 |
Windows Server 2003 x64 Edition Service Pack 2 |
Windows Server 2003 with SP2 for Itanium-based Systems |
Windows 8 for 32-bit Systems |
Windows 8 for 64-bit Systems |
Windows Server 2012 |
Windows RT |
Server Core installation option |
Windows Server 2012 (Server Core installation) |
Frequently Asked Questions
What is Network Level Authentication (NLA)?
Network Level Authentication (NLA) is an authentication method that can be used to enhance Remote Desktop Session Host server security by requiring that the user be authenticated to the Remote Desktop Session Host server before a session is created. Network Level Authentication completes user authentication before you establish a remote desktop connection and the logon screen appears.
What is defense-in-depth?
In information security, defense-in-depth refers to an approach in which multiple layers of defense are in place to help prevent attackers from compromising the security of a network or system.
Other Information
Feedback
- You can provide feedback by completing the Microsoft Help and Support form, Customer Service Contact Us.
Support
- Customers in the United States and Canada can receive technical support from Security Support. For more information about available support options, see Microsoft Help and Support.
- International customers can receive support from their local Microsoft subsidiaries. For more information about how to contact Microsoft for international support issues, visit International Support.
- Microsoft TechNet Security provides additional information about security in Microsoft products.
Disclaimer
The information provided in this advisory is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
Revisions
- V1.0 (August 13, 2013): Advisory published.
Built at 2014-04-18T13:49:36Z-07:00