Microsoft security advisory: Vulnerability in DirectAccess and IPsec could allow security feature bypass

Article ID: 2862152

INTRODUCTION

Microsoft has released a Microsoft security advisory about this issue for IT professionals. The security advisory contains additional security-related information. To view the security advisory, go to the following Microsoft website:
http://technet.microsoft.com/security/advisory/2862152

Resolution

The following files are available for download from the Microsoft Download Center:


  • For all supported x86-based versions of Windows XP
  • For all supported x64-based versions of Windows XP Professional x64 edition
  • For all supported x86-based versions of Windows Server 2003
  • For all supported x64-based versions of Windows Server 2003
  • For all supported IA-64-based versions of Windows Server 2003
  • For all supported x86-based versions of Windows Vista
  • For all supported x64-based versions of Windows Vista
  • For all supported x86-based versions of Windows Server 2008
  • For all supported x64-based versions of Windows Server 2008
  • For all supported IA-64-based versions of Windows Server 2008
  • For all supported x86-based versions of Windows 7
  • For all supported x64-based versions of Windows 7
  • For all supported x86-based versions of Windows 7 Embedded
  • For all supported x64-based versions of Windows 7 Embedded
  • For all supported x64-based versions of Windows Server 2008 R2
  • For all supported IA-64-based versions of Windows Server 2008 R2
  • For all supported x86-based versions of Windows 8
  • For all supported x64-based versions of Windows 8
  • For all supported x64-based versions of Windows Server 2012
  • For all supported x86-based versions of Windows 8.1
  • For all supported x64-based versions of Windows 8.1
  • For all supported x64-based versions of Windows Server 2012 R2

Release Date: November 10, 2013

For more information about how to download Microsoft support files, click the following article number to view the article in the Microsoft Knowledge Base:
119591 How to obtain Microsoft support files from online services
Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help prevent any unauthorized changes to the file.

More information

1: Purpose of this security update

The security update strengthens how the identity of remote DirectAccess servers is validated if there is a remote connection from a DirectAccess client. The installation of this update is a three-step process. The process is outlined in this section and is documented in detail in this article.

To install this update, follow these steps:
  1. Install the update, which improves remote server validation, on the client system. The update remains disabled after installation until the administrator follows step 2 and manually enables the update (as described in section 4.1). If there is a client-to-gateway configuration, the update should be installed on the client computer. If there is a site-to-site configuration, the update should be installed on both communicating remote servers.
  2. Update the certificate on the server whose identity has to be validated according to the new validation rules (as described in the "Deployment instructions" section).
  3. Update the registry on the validation computers to include the new validation rules. As soon as these rules are set in the registry, the update automatically starts enforcing the new rules while it establishes a tunnel with the remote party.
Note This update is applicable only for tunnel-mode connections. Transport-mode connections are not affected.

2: Who should install this security update?

Enterprise administrators who have the following configurations should consider updating their remote client and servers for improved security:
  • DA with certificate-based AuthIP
    In this configuration, the update has to be installed on Windows 7-based client computers. The server whose certificate has to be updated in the configuration can be running Windows Server 2008 R2, Windows Server 2012, or Windows Server 2012 R2.

    This update will not have any effect if it is installed on a Windows 8 certificate-based deployment.
  • DA with KerbProxy authentication AuthIP
    In this configuration, the update has to be installed on Windows 8-based or Windows 8.1-based client computers. No changes are required on the server.
  • IPsec with certificate-based authentication
    This is the most versatile configuration. It may be configured as client to gateway or as site to site.

3: Deployment scenarios


3.1: DA/IPsec client to gateway

A typical client-to-gateway configuration is depicted in this section. The update will improve the check that computer C1 does on the validity of server R1.
[Figure: IPsec DirectAccess tunnel]

3.2: IPsec site to site

A common traffic-triggered IPsec site-to-site tunnel is depicted here. Server R1 and server R2 will have to have this update and its related configuration in order to enforce more rigorous checks on other servers’ validity.
[Figure: IPsec tunnel]

4: Deployment instructions

4.1: Description of the security update

As part of security update 2862152, DirectAccess enforces more checks in IPsec negotiation in certificate authentication methods (for Windows 7, Windows Server 2008 R2, Windows XP, and Windows Server 2003) and KerbProxy authentication (for Windows 8, Windows Server 2012, Windows 8.1, and Windows Server 2012). During IPsec negotiation, DirectAccess also checks the listed attributes against the registry-configured values as follows:
Windows 7 and earlier operating systems
  • If only the IP address and the EKU are configured, DirectAccess checks for destination IP address and EKU object identifier (also known as OID).
  • If only the IP address and DNS are configured, DirectAccess checks for destination IP address and DNS (certificate) name.
  • If the IP address, DNS, and EKU are configured, DirectAccess checks for destination IP address and EKU object identifier.
Notes
  • DNS Name is the certificate name on the server (or responder side).
  • EKU object identifier is the Extended Key Usage identifier that is in the server certificate.
Windows 8 and Windows 8.1
  • Destination IP address and SPN values

    The service principal name (SPN) is generally in the following format:
    host/<ComputerName>.<ComputerDomain>.com
    Administrators must provide the valid IP address and DNS names or EKU object identifiers (in Windows 7 or earlier operating systems), or the valid IP address and SPN values (in Windows 8 and later versions), through registry settings. Each keying module has a separate registry key that has a subkey for each authentication method.

    The same settings can be configured on the responder computer also to help secure the responder. This is applicable only for Windows 7 and earlier versions.

    In Windows 8 and later versions, only the initiator computer can be configured. The responder cannot be configured.

4.2: Certificate deployment - Windows 7 and earlier versions

4.2.1 DirectAccess scenario
4.2.1.1 EKU configuration on the client:
  • If your DirectAccess client already has a certificate that has an EKU, you do not have to update or redeploy a new certificate on the DirectAccess client system. On the DirectAccess server, a new certificate that has the EKU set has to be deployed.

    Note This certificate has to be chained to the same root certification authority (CA) that was configured in the IPsec policy. Configure this new EKU in the client's registry settings.
  • Certificates that do not have an EKU are considered as "All Purpose Certificates." When such certificates are used with this update, the new EKU checks will not be enforced. If you still want to enforce checks against a certificate, configure only DNS settings.
4.2.1.2 DNS configuration on the client:
  • If you want to use DNS based validations, you can configure the DNS Name (Certificate name) of the Server certificate in the client's registry settings.

    Note If EKU is configured, DNS settings will not be considered. Therefore, if you want to use DNS-based validations, configure only DNS settings.
4.2.2 Site-to-site scenario
4.2.2.1 EKU configuration:
  • If your initiator or responder already has a certificate that has an EKU, you do not have to update or redeploy any certificate on the initiator or responder. Just configure the peer certificate's EKU in the registry settings on both ends.
  • If your initiator or responder certificate has no EKU, this means that it is an "All-purpose certificate" and that the new EKU checks will not be enforced. If you still want to enforce checks against a certificate, configure only DNS settings.
4.2.2.2 DNS configuration:
  • If you want to use DNS-based validations, you can configure the DNS Name (Certificate name) of the peer certificate in the registry on both sides.

    Note If EKU is configured, DNS settings will not be considered. Therefore, if you want to use DNS-based validations, configure only DNS settings.

4.3: Registry settings in Windows 7, Windows Server 2008 R2, Windows Vista, and Windows Server 2008

The validations will be enabled only when the registry keys are configured.

Note The validation will be forced even if the registry key has no value or data.
  • 4.3.1: Certification authentication by using AuthIP
    • Registry key: HKLM\SYSTEM\CurrentControlSet\Services\IKEEXT\Parameters\IPsecTunnelConfig\AuthIP\Cert
    • Registry name: This can be any name (for example, Tunnel1)
    • Type: REG_MULTI_SZ
    • Data: <IPv4Address or IPv6Address> <DNS1> <DNS2> <DNS3> <custom EKU OID>
    Data separators can be "space" or "tab" or "new line." For example, the data can also be configured as follows:

    Data: <IPv4Address or IPv6Address>
    <DNS1>
    <DNS2>
    <DNS3>
    <custom EKU OID>

    The custom EKU OID should be configured with the "EKU:" prefix format as shown in the following:
    EKU:<EKU OID>


    The registry can have more than one registry name:
    • Registry name: This can be any name (for example, Tunnel2)
    • Type: REG_MULTI_SZ
    • Data: <IPv4Address or IPv6Address> <DNS4> <DNS5> <DNS6> <custom EKU OID>
  • 4.3.2: Certification authentication by using IKEv1
    • Registry key: HKLM\SYSTEM\CurrentControlSet\Services\IKEEXT\Parameters\IPsecTunnelConfig\IKEV1\Cert
    • Registry name: This can be any name (for example, Tunnel1)
    • Type: REG_MULTI_SZ
    • Data: <IPv4Address or IPv6Address> <DNS1> <DNS2> <DNS3> <custom EKU OID>

    Data separators can be "space" or "tab" or "new line." For example, the data can also be configured as follows:

    Data: <IPv4Address or IPv6Address>
    <DNS1>
    <DNS2>
    <DNS3>
    <custom EKU OID>

    The custom EKU OID should be configured with the "EKU:" prefix format as shown in the following:
    EKU:<EKU OID>


    The registry can have more than one registry name:
    • Registry Name: This can be any name (for example, Tunnel2)
    • Type: REG_MULTI_SZ
    • Data: <IPv4Address or IPv6Address> <DNS4> <DNS5> <DNS6> <custom EKU OID>
    Each entry can have no more than 10 DNS names and only one custom EKU specified.

    The maximum number of DNS names configured per entry is 10.

    Note If the size of the entry exceeds 16,384 characters, that entry will be ignored. This includes the IP address size and EKU size.

    Only one EKU can be considered per tunnel destination (for example, per IP). The search is iterative. If there is more than one "IP" entry configured, the first configured EKU for that IP address entry will be considered for validation.

    The maximum number of tunnels that can be configured under the registry path is 1,024.

    Notes
    • "IP" values must be configured. Administrators can configure either DNS or EKU based on their needs.
    • If only EKU is configured, we validate the EKU present in the peer certificate and allow for or disallow authentication based on the validation result.
    • If only DNS Name is configured, we validate only the subjectAltName present in the certificate and allow for or disallow authentication based on the validation result.
    • If EKU and DNS are configured, we validate only EKU and allow for or disallow authentication based on the validation.

4.4: Registry settings in Windows XP and Windows Server 2003

The validations will be enabled only when the registry keys are configured.

Note The validations will be forced even if the registry keys have no value or data.
4.4.1: Certification authentication by using Oakley
  • Registry key: HKLM\SYSTEM\CurrentControlSet\Services\PolicyAgent\Oakley\Cert
  • Registry name: This can be any name (for example, Tunnel1)
  • Type: REG_MULTI_SZ
  • Data: <IPv4Address> <DNS1> <DNS2> <DNS3> <custom EKU OID>

    Data separators can be "space" or "tab" or "new line." For example, the data can also be configured as follows:

    Data: <IPv4Address>
    <DNS1>
    <DNS2>
    <DNS3>
    <custom EKU OID>

    The custom EKU OID should be configured with the "EKU:" prefix format as shown in the following:
    EKU:<EKU OID>


    The registry can have more than one registry name:
  • Registry name: This can be any name (for example, Tunnel2)
  • Type: REG_MULTI_SZ
  • Data: <IPv4Address> <DNS4> <DNS5> <DNS6> <custom EKU OID>
The IP address is the address of the tunnel destination and should be the first string in the entry.

Each entry can have no more than 10 DNS names and only one custom EKU specified.

The maximum number of DNS names configured per entry is 10.

Note If the size of the entry exceeds 16,384 characters, that entry will be ignored. This includes the IP address size and EKU size.

Only one EKU can be considered per tunnel destination (for example, per IP). The search is iterative. If there is more than one "IP" entry configured, the first configured EKU for that IP address entry will be considered for validation.

The maximum number of tunnels that can be configured under the registry path is 1,024.

Notes
  • "IP" values must be configured. Administrators can configure either DNS or EKU based on their needs.
  • If only EKU is configured, we validate the EKU present in the peer certificate and allow for or disallow authentication based on the validation result.
  • If only DNS Name is configured, we validate only the subjectAltName present in the certificate and allow for or disallow authentication based on the validation result.
  • If both are configured, we validate only EKU and allow for or disallow authentication based on the validation.
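
The entry rules in sections 4.3 and 4.4 (IP address first, at most 10 DNS names, one EKU: value, the 16,384-character and 1,024-tunnel limits, EKU taking precedence over DNS) can be checked before the values are deployed. The PowerShell below is an added example, not Microsoft code; the function names Test-TunnelEntry and Test-TunnelConfig and the sample addresses, host names and OID are assumptions constructed for illustration.

```powershell
# Added example: lint tunnel entries against the rules in sections 4.3 and 4.4.
# Test-TunnelEntry and Test-TunnelConfig are hypothetical helper names, not Microsoft cmdlets.

function Test-TunnelEntry {
    param(
        [Parameter(Mandatory = $true)][string]$Name,
        [string[]]$Data,
        [switch]$IPv4Only   # the Oakley key (Windows XP / Server 2003) documents <IPv4Address> only
    )
    $issues = @()
    $joined = $Data -join "`n"
    # Separators can be space, tab or new line, so split every string into tokens.
    $tokens = @($joined -split '\s+' | Where-Object { $_ -ne '' })

    # Approximation of the documented size limit: characters in the entry, separators included.
    if ($joined.Length -gt 16384) { $issues += 'exceeds 16,384 characters: the entry will be ignored' }
    if ($tokens.Count -eq 0) {
        $issues += 'no data: validation is still enforced once the key exists'
        return [pscustomobject]@{ Name = $Name; IP = $null; Validates = 'nothing'; Issues = $issues }
    }

    # The tunnel destination IP address must be the first string in the entry.
    $first = $tokens[0]
    $ip = $null
    $parsed = [System.Net.IPAddress]::TryParse($first, [ref]$ip)
    # TryParse accepts shorthand such as "10.1", so require a canonical dotted quad for IPv4.
    $isV4 = $parsed -and $ip.AddressFamily -eq 'InterNetwork' -and $ip.ToString() -eq $first
    $isV6 = $parsed -and $ip.AddressFamily -eq 'InterNetworkV6' -and -not $IPv4Only
    $ipText = $null
    if ($isV4 -or $isV6) { $ipText = $ip.ToString() }
    else { $issues += "first string '$first' is not a valid tunnel destination IP address" }

    # Everything after the first string is either an EKU:<EKU OID> value or a DNS name.
    # Assumption: the prefix is matched case-insensitively here, then checked for exact case.
    $rest = @($tokens | Select-Object -Skip 1)
    $ekus = @($rest | Where-Object { $_ -like 'EKU:*' })
    $dns  = @($rest | Where-Object { $_ -notlike 'EKU:*' })
    if ($ekus.Count -gt 1) { $issues += 'more than one custom EKU: only one is allowed per entry' }
    foreach ($e in $ekus) {
        if ($e -cnotlike 'EKU:*') { $issues += "'$e' does not use the documented upper-case EKU: prefix" }
        if ($e.Substring(4) -notmatch '^\d+(\.\d+)+$') { $issues += "'$e' is not in EKU:<EKU OID> form" }
    }
    foreach ($d in $dns) {
        if ($d -match '^[\d.]+$') { $issues += "'$d' is numeric: an EKU OID needs the EKU: prefix" }
    }
    if ($dns.Count -gt 10) { $issues += "$($dns.Count) DNS names: the maximum per entry is 10" }

    # Documented precedence: when an EKU is configured, DNS names are not considered.
    $validates = 'nothing'
    if ($ekus.Count -gt 0) { $validates = 'EKU' } elseif ($dns.Count -gt 0) { $validates = 'DNS' }
    if ($ekus.Count -gt 0 -and $dns.Count -gt 0) {
        $issues += 'EKU and DNS both configured: only the EKU is validated'
    }
    if ($validates -eq 'nothing') { $issues += 'neither a DNS name nor an EKU is configured' }
    [pscustomobject]@{ Name = $Name; IP = $ipText; Validates = $validates; Issues = $issues }
}

function Test-TunnelConfig {
    param([System.Collections.IDictionary]$Entries, [switch]$IPv4Only)
    if ($Entries.Count -gt 1024) {
        Write-Warning "$($Entries.Count) tunnels configured: the maximum under one registry path is 1,024"
    }
    $seen = @{}
    foreach ($name in $Entries.Keys) {
        $data = $Entries[$name]
        $r = Test-TunnelEntry -Name $name -Data $data -IPv4Only:$IPv4Only
        if ($r.IP) {
            if ($seen.ContainsKey($r.IP)) {
                $r.Issues += "same IP as '$($seen[$r.IP])': only the first configured EKU for an IP is considered"
            } else { $seen[$r.IP] = $name }
        }
        $r
    }
}

# Constructed sample data (documentation address ranges, made-up host names and OID).
$sample = [ordered]@{
    Tunnel1 = @('192.0.2.10', 'da1.corp.example.test', 'da2.corp.example.test')
    Tunnel2 = @('2001:db8::10 EKU:1.3.6.1.4.1.99999.1.1')
    Tunnel3 = @('192.0.2.10', 'gw.corp.example.test', 'EKU:1.3.6.1.4.1.99999.1.2')
    Tunnel4 = @('gw2.corp.example.test', '192.0.2.20')
    Tunnel5 = @()
}
Test-TunnelConfig -Entries $sample | ForEach-Object {
    '{0}: IP={1} validates={2}' -f $_.Name, $_.IP, $_.Validates
    $_.Issues | ForEach-Object { "    ! $_" }
}

# On a live system, build the dictionary from the registry key instead (AuthIP certificate key shown):
#   $key  = Get-Item 'HKLM:\SYSTEM\CurrentControlSet\Services\IKEEXT\Parameters\IPsecTunnelConfig\AuthIP\Cert'
#   $live = [ordered]@{}; foreach ($n in $key.GetValueNames()) { $live[$n] = $key.GetValue($n) }
#   Test-TunnelConfig -Entries $live
```

For the Oakley key in section 4.4, pass -IPv4Only so that IPv6 destinations are reported.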

4.5: Windows 8 and Windows 8.1

Validations will be enabled only if the registry key is configured. Be aware that the checks will be enforced by just adding the key even without any registry values or data.
4.5.1: KerbProxy authentication by using AuthIP:
  • Registry key: HKLM\SYSTEM\CurrentControlSet\Services\IKEEXT\Parameters\IPsecTunnelConfig\AuthIP\kerberos
  • Registry name: This can be any string (for example, Tunnel1)
  • Type: REG_MULTI_SZ
  • Data: <IPv4Address or IPv6Address> <SPN1> <SPN2> <SPN3>

    Data separators can be "space" or "tab" or "new line." For example, the data can also be configured as follows:

    Data: <IPv4Address or IPv6Address>
    <SPN1>
    <SPN2>
    <SPN3>

    The registry can have more than one registry name:
  • Registry name: This can be any string (for example, Tunnel2)
  • Type: REG_MULTI_SZ
  • Data: <IPv4Address or IPv6Address> <SPN4> <SPN5> <SPN6>
The IP address is the address of the tunnel destination and should be the first string in the entry.

The maximum number of SPNs configured per entry is 10.

Note If the size of the entry (including the IP address size) exceeds 16,384 characters, that entry will be ignored. The maximum number of tunnels that can be configured under the registry path is 1,024.

5: Troubleshooting

If IPsec connection failures occur, follow these steps to troubleshoot the issue:
  1. Make sure that the correct configuration is performed as described in the earlier sections.
  2. Examine the event logs to determine whether the failure is thrown at the initiator or the responder.
  3. In Windows 8 and later versions, there are no changes on the responder side. So, the failure can only be from the initiator. If a failure occurs, IKE traces will show a message that resembles the following in the log:

    AuthIP peer SPN did NOT match configured SPN
  4. In Windows 7 and earlier versions, the failure can be generated from the initiator or the responder.
If there are initiator-side failures, the following events are logged.
Failure case | Initiator | Responder
IKEv1 | An IPsec main mode negotiation failed. | An IPsec main mode security association was established. Extended mode was not enabled. A certificate was used for authentication.
An IPsec main mode security association ended.
AuthIP | An IPsec main mode negotiation failed. | An IPsec main mode negotiation failed.
If there are responder-side failures, the following events are logged:
Failure case | Initiator | Responder
IKEv1 | An IPsec main mode security association was established. Extended mode was not enabled. A certificate was used for authentication. | An IPsec main mode security association was established. Extended mode was not enabled. A certificate was used for authentication.
 | An IPsec quick mode negotiation failed. | An IPsec main mode security association ended.
 | An IPsec main mode security association ended. | An IPsec quick mode negotiation failed.
AuthIP | An IPsec main mode negotiation failed. | An IPsec extended mode negotiation failed. The corresponding main mode security association has been deleted.
An IPsec extended mode negotiation failed. The corresponding main mode security association has been deleted.

IKE Traces

  1. Enable the IKE tracing and reproduce the issue.
  2. Stop the IKE tracing.
  3. Share the Ikeext.etl file from C:\windows\system32 with the Microsoft support team.
If there are failures, IKE traces will display the following logs.

Failure because of EKU:
  • Peer certificate custom EKU did NOT match with configured EKU for AUTHIP
  • Peer certificate custom EKU did NOT match with configured EKU for IKE
Failure because of Cert:
  • IKE peer certificate DNS Name did NOT matched with configured DNS names
  • AUTHIP peer certificate DNS Name did NOT match with configured DNS names

Windows XP and Windows Server 2003

Oakley logs help identify the cause of IPsec-related failures.

To enable IPsec logging, at a command prompt, type the following command, and then press Enter:
Netsh IPsec dynamic set config ikelogging 1
Then, reproduce the failure case. To disable logging again, type the following command:
Netsh IPsec dynamic set config ikelogging 0
The Oakley log is generated in the following folder:
C:\windows\Debug
If there are failures, IKE traces will display the following logs.

Failure because of EKU:
  • Peer certificate custom EKU did NOT matched with configured EKU for IKEv1
Failure because of Cert:
  • Peer certificate DNS Name did NOT match with configured DNS name for IKEv1
Note In the message information listed here, "did NOT matched" is a typo that appears in the code.

References

For more information about DirectAccess, go to the following Microsoft webpage:
http://technet.microsoft.com/en-us/library/hh831416
For more information about CA, see the Advanced Deployment Guide webpage:
http://technet.microsoft.com/en-us/library/hh831436
For more information about how to deploy a single remote access server, go to the following Microsoft Basic Remote Access deployment webpage:
http://technet.microsoft.com/en-us/library/hh831520
For more information about site-to-site VPN, go to the following Microsoft Test Lab Guide webpage:
http://technet.microsoft.com/en-us/library/jj574084.aspx

FILE INFORMATION

The English (United States) version of this software update installs files that have the attributes that are listed in the following tables. The dates and times for these files are listed in Coordinated Universal Time (UTC). The dates and times for these files on your local computer are displayed in your local time and with your current daylight saving time (DST) bias. Additionally, the dates and times may change when you perform certain operations on the files.

Windows XP and Windows Server 2003 file information

  • The files that apply to a specific milestone (SPn) and service branch (QFE, GDR) are noted in the "SP requirement" and "Service branch" columns.
  • GDR service branches contain only those fixes that are widely released to address widespread, critical issues. QFE service branches contain hotfixes in addition to widely released fixes.
  • In addition to the files that are listed in these tables, this software update also installs an associated security catalog file (KBnumber.cat) that is signed with a Microsoft digital signature.

For all supported x86-based versions of Windows XP

File name | File version | File size | Date | Time | Platform
Oakley.dll | 5.1.2600.6462 | 278,528 | 12-Oct-2013 | 15:56 | x86

For all supported x64-based versions of Windows Server 2003 and Windows XP Professional x64 edition

File name | File version | File size | Date | Time | Platform | SP requirement | Service branch
Oakley.dll | 5.2.3790.5238 | 407,040 | 13-Oct-2013 | 05:37 | x64 | SP2 | SP2QFE
Woakley.dll | 5.2.3790.5238 | 361,472 | 13-Oct-2013 | 05:37 | x86 | SP2 | SP2QFE\WOW

For all supported x86-based versions of Windows Server 2003

File name | File version | File size | Date | Time | Platform
Oakley.dll | 5.2.3790.5238 | 361,472 | 12-Oct-2013 | 15:57 | x86

For all supported IA-64-based versions of Windows Server 2003

File name | File version | File size | Date | Time | Platform | SP requirement | Service branch
Oakley.dll | 5.2.3790.5238 | 565,760 | 13-Oct-2013 | 05:37 | IA-64 | SP2 | SP2QFE
Woakley.dll | 5.2.3790.5238 | 361,472 | 13-Oct-2013 | 05:37 | x86 | SP2 | SP2QFE\WOW

Windows Vista and Windows Server 2008 file information

  • The files that apply to a specific product, milestone (SPn), and service branch (LDR, GDR) can be identified by examining the file version numbers as shown in the following table:
    Version | Product | Milestone | Service branch
    6.0.6002.18xxx | Windows Vista SP2 and Windows Server 2008 SP2 | SP2 | GDR
    6.0.6002.23xxx | Windows Vista SP2 and Windows Server 2008 SP2 | SP2 | LDR
  • GDR service branches contain only those fixes that are widely released to address widespread, critical issues. LDR service branches contain hotfixes in addition to widely released fixes.
Note The MANIFEST files (.manifest) and MUM files (.mum) that are installed are not listed.

For all supported x86-based versions of Windows Vista and Windows Server 2008

File name | File version | File size | Date | Time | Platform
Bfe.dll | 6.0.6002.18005 | 334,848 | 11-Apr-2009 | 06:28 | x86
Fwpkclnt.sys | 6.0.6002.18005 | 99,816 | 11-Apr-2009 | 06:32 | x86
Fwpuclnt.dll | 6.0.6002.18960 | 596,480 | 11-Oct-2013 | 02:07 | x86
Ikeext.dll | 6.0.6002.18960 | 444,928 | 11-Oct-2013 | 02:08 | x86
Wfp.mof | Not applicable | 814 | 05-Jan-2008 | 11:29 | Not applicable
Wfp.tmf | Not applicable | 218,228 | 11-Oct-2013 | 00:39 | Not applicable
Bfe.dll | 6.0.6002.23243 | 334,848 | 12-Oct-2013 | 02:52 | x86
Fwpkclnt.sys | 6.0.6002.23243 | 98,240 | 12-Oct-2013 | 03:24 | x86
Fwpuclnt.dll | 6.0.6002.23243 | 596,480 | 12-Oct-2013 | 02:53 | x86
Ikeext.dll | 6.0.6002.23243 | 446,464 | 12-Oct-2013 | 02:53 | x86
Wfp.mof | Not applicable | 814 | 09-Sep-2011 | 11:41 | Not applicable
Wfp.tmf | Not applicable | 218,580 | 12-Oct-2013 | 01:42 | Not applicable

For all supported x64-based versions of Windows Vista and Windows Server 2008

File name | File version | File size | Date | Time | Platform
Bfe.dll | 6.0.6002.18005 | 458,240 | 11-Apr-2009 | 07:11 | x64
Fwpkclnt.sys | 6.0.6002.18005 | 166,888 | 11-Apr-2009 | 07:15 | x64
Fwpuclnt.dll | 6.0.6002.18960 | 781,824 | 11-Oct-2013 | 04:23 | x64
Ikeext.dll | 6.0.6002.18960 | 462,848 | 11-Oct-2013 | 04:23 | x64
Wfp.mof | Not applicable | 814 | 05-Jan-2008 | 11:29 | Not applicable
Wfp.tmf | Not applicable | 217,074 | 11-Oct-2013 | 02:29 | Not applicable
Bfe.dll | 6.0.6002.23243 | 458,240 | 12-Oct-2013 | 03:19 | x64
Fwpkclnt.sys | 6.0.6002.23243 | 165,312 | 12-Oct-2013 | 03:51 | x64
Fwpuclnt.dll | 6.0.6002.23243 | 781,824 | 12-Oct-2013 | 03:20 | x64
Ikeext.dll | 6.0.6002.23243 | 464,384 | 12-Oct-2013 | 03:20 | x64
Wfp.mof | Not applicable | 814 | 15-Nov-2011 | 15:19 | Not applicable
Wfp.tmf | Not applicable | 217,466 | 12-Oct-2013 | 02:11 | Not applicable
Fwpuclnt.dll | 6.0.6002.18960 | 596,480 | 11-Oct-2013 | 02:07 | x86
Wfp.mof | Not applicable | 814 | 26-Sep-2013 | 12:46 | Not applicable
Fwpuclnt.dll | 6.0.6002.23243 | 596,480 | 12-Oct-2013 | 02:53 | x86
Wfp.mof | Not applicable | 814 | 09-Sep-2011 | 11:41 | Not applicable

For all supported IA-64-based versions of Windows Server 2008

File name | File version | File size | Date | Time | Platform
Bfe.dll | 6.0.6002.18005 | 781,312 | 11-Apr-2009 | 06:59 | IA-64
Fwpkclnt.sys | 6.0.6002.18005 | 262,632 | 11-Apr-2009 | 07:03 | IA-64
Fwpuclnt.dll | 6.0.6002.18960 | 1,124,352 | 11-Oct-2013 | 03:43 | IA-64
Ikeext.dll | 6.0.6002.18960 | 944,128 | 11-Oct-2013 | 03:43 | IA-64
Wfp.mof | Not applicable | 814 | 03-Jan-2008 | 18:54 | Not applicable
Wfp.tmf | Not applicable | 217,254 | 11-Oct-2013 | 02:05 | Not applicable
Bfe.dll | 6.0.6002.23243 | 781,312 | 12-Oct-2013 | 02:17 | IA-64
Fwpkclnt.sys | 6.0.6002.23243 | 261,056 | 12-Oct-2013 | 02:52 | IA-64
Fwpuclnt.dll | 6.0.6002.23243 | 1,124,352 | 12-Oct-2013 | 02:18 | IA-64
Ikeext.dll | 6.0.6002.23243 | 946,688 | 12-Oct-2013 | 02:18 | IA-64
Wfp.mof | Not applicable | 814 | 15-Mar-2011 | 05:52 | Not applicable
Wfp.tmf | Not applicable | 217,516 | 12-Oct-2013 | 01:24 | Not applicable
Fwpuclnt.dll | 6.0.6002.18960 | 596,480 | 11-Oct-2013 | 02:07 | x86
Wfp.mof | Not applicable | 814 | 26-Sep-2013 | 12:46 | Not applicable
Fwpuclnt.dll | 6.0.6002.23243 | 596,480 | 12-Oct-2013 | 02:53 | x86
Wfp.mof | Not applicable | 814 | 09-Sep-2011 | 11:41 | Not applicable

Windows 7 and Windows Server 2008 R2 file information

  • The files that apply to a specific product, milestone (RTM, SPn), and service branch (LDR, GDR) can be identified by examining the file version numbers as shown in the following table:
    Version | Product | Milestone | Service branch
    6.1.7601.18xxx | Windows 7 and Windows Server 2008 R2 | SP1 | GDR
    6.1.7601.22xxx | Windows 7 and Windows Server 2008 R2 | SP1 | LDR
  • GDR service branches contain only those fixes that are widely released to address widespread, critical issues. LDR service branches contain hotfixes in addition to widely released fixes.
Note The MANIFEST files (.manifest) and MUM files (.mum) that are installed are not listed.

For all supported x86-based versions of Windows 7

File name | File version | File size | Date | Time | Platform
Bfe.dll | 6.1.7601.17514 | 494,592 | 20-Nov-2010 | 12:18 | x86
Fwpuclnt.dll | 6.1.7601.18283 | 216,576 | 12-Oct-2013 | 02:01 | x86
Ikeext.dll | 6.1.7601.18283 | 679,424 | 12-Oct-2013 | 02:01 | x86
Networksecurity-ppdlic.xrm-ms | Not applicable | 3,028 | 12-Oct-2013 | 02:33 | Not applicable
Nshwfp.dll | 6.1.7601.18283 | 656,896 | 12-Oct-2013 | 02:03 | x86
Wfp.mof | Not applicable | 822 | 10-Jun-2009 | 21:32 | Not applicable
Bfe.dll | 6.1.7601.22479 | 496,128 | 12-Oct-2013 | 01:55 | x86
Fwpuclnt.dll | 6.1.7601.22479 | 216,576 | 12-Oct-2013 | 01:56 | x86
Ikeext.dll | 6.1.7601.22479 | 681,472 | 12-Oct-2013 | 01:56 | x86
Networksecurity-ppdlic.xrm-ms | Not applicable | 3,028 | 12-Oct-2013 | 02:21 | Not applicable
Nshwfp.dll | 6.1.7601.22479 | 657,920 | 12-Oct-2013 | 01:57 | x86
Wfp.mof | Not applicable | 822 | 10-Jun-2009 | 21:32 | Not applicable

For all supported x64-based versions of Windows 7 and Windows Server 2008 R2

File name | File version | File size | Date | Time | Platform
Bfe.dll | 6.1.7601.17514 | 705,024 | 20-Nov-2010 | 13:25 | x64
Fwpuclnt.dll | 6.1.7601.18283 | 324,096 | 12-Oct-2013 | 02:29 | x64
Ikeext.dll | 6.1.7601.18283 | 859,648 | 12-Oct-2013 | 02:29 | x64
Networksecurity-ppdlic.xrm-ms | Not applicable | 3,028 | 12-Oct-2013 | 03:06 | Not applicable
Nshwfp.dll | 6.1.7601.18283 | 830,464 | 12-Oct-2013 | 02:30 | x64
Wfp.mof | Not applicable | 822 | 10-Jun-2009 | 20:51 | Not applicable
Bfe.dll | 6.1.7601.22479 | 706,560 | 12-Oct-2013 | 02:23 | x64
Fwpuclnt.dll | 6.1.7601.22479 | 324,096 | 12-Oct-2013 | 02:24 | x64
Ikeext.dll | 6.1.7601.22479 | 861,184 | 12-Oct-2013 | 02:24 | x64
Networksecurity-ppdlic.xrm-ms | Not applicable | 3,028 | 12-Oct-2013 | 02:49 | Not applicable
Nshwfp.dll | 6.1.7601.22479 | 832,000 | 12-Oct-2013 | 02:25 | x64
Wfp.mof | Not applicable | 822 | 10-Jun-2009 | 20:51 | Not applicable
Fwpuclnt.dll | 6.1.7601.18283 | 216,576 | 12-Oct-2013 | 02:01 | x86
Nshwfp.dll | 6.1.7601.18283 | 656,896 | 12-Oct-2013 | 02:03 | x86
Wfp.mof | Not applicable | 822 | 04-Jul-2013 | 12:21 | Not applicable
Fwpuclnt.dll | 6.1.7601.22479 | 216,576 | 12-Oct-2013 | 01:56 | x86
Nshwfp.dll | 6.1.7601.22479 | 657,920 | 12-Oct-2013 | 01:57 | x86
Wfp.mof | Not applicable | 822 | 09-Jul-2013 | 06:28 | Not applicable

For all supported IA-64-based versions of Windows Server 2008 R2

File name | File version | File size | Date | Time | Platform
Bfe.dll | 6.1.7601.17514 | 1,071,616 | 20-Nov-2010 | 10:24 | IA-64
Fwpuclnt.dll | 6.1.7601.18283 | 566,272 | 12-Oct-2013 | 01:34 | IA-64
Ikeext.dll | 6.1.7601.18283 | 1,500,160 | 12-Oct-2013 | 01:34 | IA-64
Networksecurity-ppdlic.xrm-ms | Not applicable | 3,028 | 12-Oct-2013 | 01:59 | Not applicable
Nshwfp.dll | 6.1.7601.18283 | 1,112,064 | 12-Oct-2013 | 01:36 | IA-64
Wfp.mof | Not applicable | 822 | 10-Jun-2009 | 20:57 | Not applicable
Bfe.dll | 6.1.7601.22479 | 1,074,176 | 12-Oct-2013 | 01:24 | IA-64
Fwpuclnt.dll | 6.1.7601.22479 | 566,272 | 12-Oct-2013 | 01:24 | IA-64
Ikeext.dll | 6.1.7601.22479 | 1,503,744 | 12-Oct-2013 | 01:24 | IA-64
Networksecurity-ppdlic.xrm-ms | Not applicable | 3,028 | 12-Oct-2013 | 01:44 | Not applicable
Nshwfp.dll | 6.1.7601.22479 | 1,113,600 | 12-Oct-2013 | 01:25 | IA-64
Wfp.mof | Not applicable | 822 | 10-Jun-2009 | 20:57 | Not applicable
Fwpuclnt.dll | 6.1.7601.18283 | 216,576 | 12-Oct-2013 | 02:01 | x86
Nshwfp.dll | 6.1.7601.18283 | 656,896 | 12-Oct-2013 | 02:03 | x86
Wfp.mof | Not applicable | 822 | 04-Jul-2013 | 12:21 | Not applicable
Fwpuclnt.dll | 6.1.7601.22479 | 216,576 | 12-Oct-2013 | 01:56 | x86
Nshwfp.dll | 6.1.7601.22479 | 657,920 | 12-Oct-2013 | 01:57 | x86
Wfp.mof | Not applicable | 822 | 09-Jul-2013 | 06:28 | Not applicable

Windows 8 and Windows Server 2012 file information

  • The files that apply to a specific product, milestone (RTM, SPn), and service branch (LDR, GDR) can be identified by examining the file version numbers as shown in the following table:
    Version | Product | Milestone | Service branch
    6.2.9200.16xxx | Windows 8 and Windows Server 2012 | RTM | GDR
    6.2.9200.20xxx | Windows 8 and Windows Server 2012 | RTM | LDR
  • GDR service branches contain only those fixes that are widely released to address widespread, critical issues. LDR service branches contain hotfixes in addition to widely released fixes.
Note The MANIFEST files (.manifest) and MUM files (.mum) that are installed are not listed.

For all supported x86-based versions of Windows 8

| File name | File version | File size | Date | Time | Platform |
|---|---|---|---|---|---|
| Bfe.dll | 6.2.9200.16734 | 473,600 | 10-Oct-2013 | 09:28 | x86 |
| Fwpuclnt.dll | 6.2.9200.16634 | 245,248 | 10-Jun-2013 | 19:10 | x86 |
| Ikeext.dll | 6.2.9200.16734 | 683,520 | 10-Oct-2013 | 09:29 | x86 |
| Nshwfp.dll | 6.2.9200.16634 | 702,464 | 10-Jun-2013 | 19:10 | x86 |
| Bfe.dll | 6.2.9200.20846 | 473,600 | 10-Oct-2013 | 22:30 | x86 |
| Fwpuclnt.dll | 6.2.9200.20569 | 245,248 | 27-Nov-2012 | 04:22 | x86 |
| Ikeext.dll | 6.2.9200.20846 | 683,520 | 10-Oct-2013 | 22:30 | x86 |
| Nshwfp.dll | 6.2.9200.20846 | 702,464 | 10-Oct-2013 | 22:30 | x86 |
| Bfe.dll | 6.2.9200.16734 | 473,600 | 10-Oct-2013 | 09:28 | x86 |
| Fwpuclnt.dll | 6.2.9200.16634 | 245,248 | 10-Jun-2013 | 19:10 | x86 |
| Ikeext.dll | 6.2.9200.16734 | 683,520 | 10-Oct-2013 | 09:29 | x86 |
| Networksecurity-ppdlic.xrm-ms | Not applicable | 2,920 | 10-Oct-2013 | 10:06 | Not applicable |
| Nshwfp.dll | 6.2.9200.16634 | 702,464 | 10-Jun-2013 | 19:10 | x86 |
| Wfplwfs.sys | 6.2.9200.16734 | 38,744 | 10-Oct-2013 | 10:07 | x86 |
| Bfe.dll | 6.2.9200.20846 | 473,600 | 10-Oct-2013 | 22:30 | x86 |
| Fwpuclnt.dll | 6.2.9200.20569 | 245,248 | 27-Nov-2012 | 04:22 | x86 |
| Ikeext.dll | 6.2.9200.20846 | 683,520 | 10-Oct-2013 | 22:30 | x86 |
| Networksecurity-ppdlic.xrm-ms | Not applicable | 2,920 | 10-Oct-2013 | 23:31 | Not applicable |
| Nshwfp.dll | 6.2.9200.20846 | 702,464 | 10-Oct-2013 | 22:30 | x86 |
| Wfplwfs.sys | 6.2.9200.20842 | 38,744 | 10-Oct-2013 | 23:37 | x86 |

For all supported x64-based versions of Windows 8 and Windows Server 2012

| File name | File version | File size | Date | Time | Platform |
|---|---|---|---|---|---|
| Bfe.dll | 6.2.9200.16734 | 723,968 | 10-Oct-2013 | 09:20 | x64 |
| Fwpuclnt.dll | 6.2.9200.16634 | 381,952 | 10-Jun-2013 | 19:15 | x64 |
| Ikeext.dll | 6.2.9200.16734 | 1,160,192 | 10-Oct-2013 | 09:21 | x64 |
| Nshwfp.dll | 6.2.9200.16634 | 888,832 | 10-Jun-2013 | 19:16 | x64 |
| Bfe.dll | 6.2.9200.20846 | 718,848 | 10-Oct-2013 | 22:26 | x64 |
| Fwpuclnt.dll | 6.2.9200.20569 | 378,880 | 27-Nov-2012 | 04:25 | x64 |
| Ikeext.dll | 6.2.9200.20846 | 1,074,688 | 10-Oct-2013 | 22:26 | x64 |
| Nshwfp.dll | 6.2.9200.20846 | 888,832 | 10-Oct-2013 | 22:26 | x64 |
| Bfe.dll | 6.2.9200.16734 | 723,968 | 10-Oct-2013 | 09:20 | x64 |
| Fwpuclnt.dll | 6.2.9200.16634 | 381,952 | 10-Jun-2013 | 19:15 | x64 |
| Ikeext.dll | 6.2.9200.16734 | 1,160,192 | 10-Oct-2013 | 09:21 | x64 |
| Networksecurity-ppdlic.xrm-ms | Not applicable | 2,920 | 10-Oct-2013 | 11:50 | Not applicable |
| Nshwfp.dll | 6.2.9200.16634 | 888,832 | 10-Jun-2013 | 19:16 | x64 |
| Wfplwfs.sys | 6.2.9200.16734 | 96,600 | 10-Oct-2013 | 11:53 | x64 |
| Bfe.dll | 6.2.9200.20846 | 718,848 | 10-Oct-2013 | 22:26 | x64 |
| Fwpuclnt.dll | 6.2.9200.20569 | 378,880 | 27-Nov-2012 | 04:25 | x64 |
| Ikeext.dll | 6.2.9200.20846 | 1,074,688 | 10-Oct-2013 | 22:26 | x64 |
| Networksecurity-ppdlic.xrm-ms | Not applicable | 2,920 | 11-Oct-2013 | 00:50 | Not applicable |
| Nshwfp.dll | 6.2.9200.20846 | 888,832 | 10-Oct-2013 | 22:26 | x64 |
| Wfplwfs.sys | 6.2.9200.20842 | 96,600 | 11-Oct-2013 | 00:54 | x64 |
| Fwpuclnt.dll | 6.2.9200.16634 | 245,248 | 10-Jun-2013 | 19:10 | x86 |
| Nshwfp.dll | 6.2.9200.16634 | 702,464 | 10-Jun-2013 | 19:10 | x86 |
| Fwpuclnt.dll | 6.2.9200.20569 | 245,248 | 27-Nov-2012 | 04:22 | x86 |
| Nshwfp.dll | 6.2.9200.20846 | 702,464 | 10-Oct-2013 | 22:30 | x86 |

Windows 8.1 and Windows Server 2012 R2 file information


For all supported x86-based versions of Windows 8.1

| File name | File version | File size | Date | Time | Platform |
|---|---|---|---|---|---|
| Bfe.dll | 6.3.9600.16427 | 549,888 | 12-Oct-2013 | 21:14 | x86 |
| Fwpuclnt.dll | 6.3.9600.16384 | 264,192 | 22-Aug-2013 | 02:40 | x86 |
| Ikeext.dll | 6.3.9600.16427 | 730,112 | 12-Oct-2013 | 21:02 | x86 |
| Nshwfp.dll | 6.3.9600.16384 | 566,784 | 22-Aug-2013 | 02:19 | x86 |
| Bfe.dll | 6.3.9600.16427 | 549,888 | 12-Oct-2013 | 21:14 | x86 |
| Fwpuclnt.dll | 6.3.9600.16384 | 264,192 | 22-Aug-2013 | 02:40 | x86 |
| Ikeext.dll | 6.3.9600.16427 | 730,112 | 12-Oct-2013 | 21:02 | x86 |
| Networksecurity-ppdlic.xrm-ms | Not applicable | 3,059 | 13-Oct-2013 | 00:27 | Not applicable |
| Nshwfp.dll | 6.3.9600.16384 | 566,784 | 22-Aug-2013 | 02:19 | x86 |
| Wfplwfs.sys | 6.3.9600.16427 | 69,464 | 13-Oct-2013 | 00:45 | x86 |

For all supported x64-based versions of Windows 8.1 and Windows Server 2012 R2

| File name | File version | File size | Date | Time | Platform |
|---|---|---|---|---|---|
| Bfe.dll | 6.3.9600.16427 | 828,416 | 12-Oct-2013 | 21:48 | x64 |
| Fwpuclnt.dll | 6.3.9600.16384 | 411,136 | 22-Aug-2013 | 09:43 | x64 |
| Ikeext.dll | 6.3.9600.16427 | 1,104,384 | 12-Oct-2013 | 21:34 | x64 |
| Nshwfp.dll | 6.3.9600.16384 | 716,800 | 22-Aug-2013 | 09:11 | x64 |
| Bfe.dll | 6.3.9600.16427 | 828,416 | 12-Oct-2013 | 21:48 | x64 |
| Fwpuclnt.dll | 6.3.9600.16384 | 411,136 | 22-Aug-2013 | 09:43 | x64 |
| Ikeext.dll | 6.3.9600.16427 | 1,104,384 | 12-Oct-2013 | 21:34 | x64 |
| Networksecurity-ppdlic.xrm-ms | Not applicable | 3,059 | 13-Oct-2013 | 02:41 | Not applicable |
| Nshwfp.dll | 6.3.9600.16384 | 716,800 | 22-Aug-2013 | 09:11 | x64 |
| Wfplwfs.sys | 6.3.9600.16427 | 136,536 | 13-Oct-2013 | 02:48 | x64 |
| Fwpuclnt.dll | 6.3.9600.16384 | 264,192 | 22-Aug-2013 | 02:40 | x86 |
| Nshwfp.dll | 6.3.9600.16384 | 566,784 | 22-Aug-2013 | 02:19 | x86 |

File hash information


Properties

Article ID: 2862152 - Last Review: December 2, 2013 - Revision: 2.0
Applies to
  • Windows RT 8.1
  • Windows 8.1
  • Windows 8.1 Enterprise
  • Windows 8.1 Pro
  • Windows Server 2012 R2 Datacenter
  • Windows Server 2012 R2 Essentials
  • Windows Server 2012 R2 Foundation
  • Windows Server 2012 R2 Standard
  • Windows RT
  • Windows 8
  • Windows 8 Enterprise
  • Windows 8 Pro
  • Windows Server 2012 Datacenter
  • Windows Server 2012 Essentials
  • Windows Server 2012 Foundation
  • Windows Server 2012 Standard
  • Windows 7 Service Pack 1, when used with:
    • Windows 7 Enterprise
    • Windows 7 Professional
    • Windows 7 Ultimate
    • Windows 7 Home Premium
    • Windows 7 Home Basic
  • Windows Server 2008 R2 Service Pack 1, when used with:
    • Windows Server 2008 R2 Standard
    • Windows Server 2008 R2 Enterprise
    • Windows Server 2008 R2 Datacenter
  • Windows Server 2008 Service Pack 2, when used with:
    • Windows Server 2008 for Itanium-Based Systems
    • Windows Server 2008 Datacenter
    • Windows Server 2008 Enterprise
    • Windows Server 2008 Standard
    • Windows Web Server 2008
  • Windows Vista Service Pack 2, when used with:
    • Windows Vista Business
    • Windows Vista Enterprise
    • Windows Vista Home Basic
    • Windows Vista Home Premium
    • Windows Vista Starter
    • Windows Vista Ultimate
    • Windows Vista Enterprise 64-bit Edition
    • Windows Vista Home Basic 64-bit Edition
    • Windows Vista Home Premium 64-bit Edition
    • Windows Vista Ultimate 64-bit Edition
    • Windows Vista Business 64-bit Edition
  • Microsoft Windows Server 2003 Service Pack 2, when used with:
    • Microsoft Windows Server 2003, Standard Edition (32-bit x86)
    • Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
    • Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
    • Microsoft Windows Server 2003, Web Edition
    • Microsoft Windows Server 2003, Datacenter x64 Edition
    • Microsoft Windows Server 2003, Enterprise x64 Edition
    • Microsoft Windows Server 2003, Standard x64 Edition
    • Microsoft Windows XP Professional x64 Edition
    • Microsoft Windows Server 2003, Datacenter Edition for Itanium-Based Systems
    • Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems
  • Microsoft Windows XP Service Pack 3, when used with:
    • Microsoft Windows XP Home Edition
    • Microsoft Windows XP Professional
Keywords: 
kbexpertiseinter kbinfo kbsecadvisory kbsecurity kbsecvulnerability KB2862152
