Article ID: 2973337 - View products that this article applies to.
Expand all | Collapse all

On This Page

About this update

After you apply this update, the signature and hash algorithm combinations for RSA\SHA512 and ECDSA\SHA512 are enabled for the Transport Layer Security (TLS) 1.2 protocol. This means that you can now use SHA512 certificates on your computer.

If you currently use SHA512 certificates, and do not have this update installed, you may have problems in one or more of the following scenarios by using TLS 1.2:
  • Internet Protocol security (IPsec) stand-alone
  • IPSec with DirectAccess
  • Microsoft Lync Server 2013
  • Remote Desktop Services (RDP)
  • SSL websites
  • SSL based VPN
  • Web applications

Notes 
  • RSA\SHA512 means that the RSA signature algorithm is combined with SHA512 hash algorithm.
  • ECDSA\SHA512 means that the Elliptic Curve Digital Signature Algorithm (ECDSA) is combined with SHA512 hash algorithm.

How to obtain this update

For Windows 8.1 or Windows Server 2012 R2

The following update rollup is available:
Get update rollup 2975719

For Windows 8 or Windows Server 2012

The following update rollup is available:
Get update rollup 2975331

For Windows 7 or Windows Server 2008 R2

Method 1: Windows Update

This update is available from Windows Update.

Method 2: Microsoft Download Center

The following files are also available for download from the Microsoft Download Center:
Collapse this tableExpand this table
Operating systemUpdate
All supported x86-based versions of Windows 7
Collapse this imageExpand this image
Download
Download the package now.
All supported x64-based versions of Windows 7
Collapse this imageExpand this image
Download
Download the package now.
All supported x64-based versions of Windows Server 2008 R2
Collapse this imageExpand this image
Download
Download the package now.
All supported IA-64-based versions of Windows Server 2008 R2
Collapse this imageExpand this image
Download
Download the package now.
For more information about how to download Microsoft support files, click the following article number to view the article in the Microsoft Knowledge Base:
119591 How to obtain Microsoft support files from online services
Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help prevent any unauthorized changes to the file.

Update detail information

Prerequisites

There is no prerequisite to apply this update.

Registry information

To apply this update, you do not have to make any changes to the registry.

Restart requirement

You have to restart the computer after you apply this update.

Update replacement information

This update does not replace a previously released update.

File information

Collapse this imageExpand this image
assets folding start collapsed
The global version of this update installs files that have the attributes that are listed in the following tables. The dates and the times for these files are listed in Coordinated Universal Time (UTC). The dates and the times for these files on your local computer are displayed in your local time together with your current daylight saving time (DST) bias. Additionally, the dates and the times may change when you perform certain operations on the files.

For all supported x86-based versions of Windows 7
Collapse this imageExpand this image
assets folding start collapsed
Collapse this tableExpand this table
File nameFile versionFile sizeDateTimePlatform
Cng.sys6.1.7601.17919369,8484-Jul-1312:16x86
Ksecdd.sys6.1.7601.1848967,52030-May-147:53x86
Ksecpkg.sys6.1.7601.18489136,64030-May-147:53x86
Lsasrv.dll6.1.7601.184891,059,84030-May-147:52x86
Lsasrv.mofNot applicable13,7804-Jul-1312:18Not applicable
Lsass.exe6.1.7601.1848922,52830-May-147:52x86
Secur32.dll6.1.7601.1848922,01630-May-147:52x86
Sspicli.dll6.1.7601.18489100,35230-May-147:52x86
Sspisrv.dll6.1.7601.1848915,87230-May-147:52x86
Cng.sys6.1.7601.22076369,8489-Jul-136:16x86
Ksecdd.sys6.1.7601.2270567,52030-May-147:35x86
Ksecpkg.sys6.1.7601.22705136,64030-May-147:35x86
Lsasrv.dll6.1.7601.227051,060,86430-May-147:35x86
Lsasrv.mofNot applicable13,7809-Jul-136:22Not applicable
Lsass.exe6.1.7601.2270522,52830-May-147:34x86
Secur32.dll6.1.7601.2270522,01630-May-147:35x86
Sspicli.dll6.1.7601.22705100,35230-May-147:35x86
Sspisrv.dll6.1.7601.2270515,87230-May-147:35x86
Adtschema.dll6.1.7601.22705685,05630-May-147:30x86
Auditpol.exe6.1.7601.2270550,17630-May-147:34x86
Msaudite.dll6.1.7601.22705145,92030-May-147:32x86
Msobjs.dll6.1.7601.2270560,41630-May-147:32x86
Ncrypt.dll6.1.7601.18489220,16030-May-147:52x86
Ncrypt.dll6.1.7601.22705220,16030-May-147:35x86
Credssp.dll6.1.7601.1848917,40830-May-147:52x86
Tspkg.dll6.1.7601.1848965,53630-May-147:52x86
Tspkg.mofNot applicable9644-Jul-1312:24Not applicable
Credssp.dll6.1.7601.2270517,40830-May-147:35x86
Tspkg.dll6.1.7601.2270565,53630-May-147:35x86
Tspkg.mofNot applicable9649-Jul-136:39Not applicable
Wdigest.dll6.1.7601.18489172,03230-May-147:52x86
Wdigest.dll6.1.7601.22705172,03230-May-147:35x86
Kerberos.dll6.1.7601.18489550,91230-May-147:52x86
Kerberos.dll6.1.7601.22705551,42430-May-147:35x86
Msv1_0.dll6.1.7601.18489259,58430-May-147:52x86
Msv1_0.dll6.1.7601.22705260,09630-May-147:35x86
Schannel.dll6.1.7601.18489247,80830-May-147:52x86
Schannel.dll6.1.7601.22705247,80830-May-147:35x86
Collapse this imageExpand this image
assets folding end collapsed
For all supported x64-based versions of Windows 7 and of Windows Server 2008 R2
Collapse this imageExpand this image
assets folding start collapsed
Collapse this tableExpand this table
File nameFile versionFile sizeDateTimePlatform
Certcli.dll6.1.7601.22705463,87230-May-148:00x64
Cng.sys6.1.7601.17919458,7124-Jul-1312:18x64
Ksecdd.sys6.1.7601.1848995,68030-May-148:09x64
Ksecpkg.sys6.1.7601.18489155,07230-May-148:09x64
Lsasrv.dll6.1.7601.184891,460,73630-May-148:08x64
Lsasrv.mofNot applicable13,7804-Jul-1312:20Not applicable
Lsass.exe6.1.7601.1848931,23230-May-148:07x64
Secur32.dll6.1.7601.1848928,16030-May-148:08x64
Sspicli.dll6.1.7601.18489136,19230-May-148:08x64
Sspisrv.dll6.1.7601.1848929,18430-May-148:08x64
Cng.sys6.1.7601.22076458,7049-Jul-136:26x64
Ksecdd.sys6.1.7601.2270595,68030-May-148:01x64
Ksecpkg.sys6.1.7601.22705155,07230-May-148:01x64
Lsasrv.dll6.1.7601.227051,462,27230-May-148:00x64
Lsasrv.mofNot applicable13,7809-Jul-136:30Not applicable
Lsass.exe6.1.7601.2270531,23230-May-148:00x64
Secur32.dll6.1.7601.2270528,16030-May-148:00x64
Sspicli.dll6.1.7601.22705136,19230-May-148:00x64
Sspisrv.dll6.1.7601.2270529,18430-May-148:00x64
Adtschema.dll6.1.7601.22705685,05630-May-147:55x64
Auditpol.exe6.1.7601.2270564,00030-May-147:59x64
Msaudite.dll6.1.7601.22705145,92030-May-147:57x64
Msobjs.dll6.1.7601.2270560,41630-May-147:57x64
Ncrypt.dll6.1.7601.18489307,20030-May-148:08x64
Ncrypt.dll6.1.7601.22705307,71230-May-148:00x64
Ocspisapi.dll6.1.7601.22705355,84030-May-148:00x64
Ocspisapictrs.hNot applicable1,4219-Jul-136:42Not applicable
Ocspisapictrs.iniNot applicable2,6369-Jul-136:42Not applicable
Ocspsvcctrs.iniNot applicable2,96030-May-149:07Not applicable
Ocspsvcctrs.iniNot applicable3,13430-May-149:07Not applicable
Ocspsvcctrs.iniNot applicable2,91830-May-147:56Not applicable
Ocspsvcctrs.iniNot applicable3,21030-May-149:06Not applicable
Ocspsvcctrs.iniNot applicable3,09830-May-149:07Not applicable
Ocspsvcctrs.iniNot applicable3,02830-May-149:07Not applicable
Ocspsvcctrs.iniNot applicable3,14030-May-149:07Not applicable
Ocspsvcctrs.iniNot applicable2,64230-May-149:06Not applicable
Ocspsvcctrs.iniNot applicable2,57630-May-149:07Not applicable
Ocspsvcctrs.iniNot applicable3,02630-May-149:07Not applicable
Ocspsvcctrs.iniNot applicable3,02830-May-149:06Not applicable
Ocspsvcctrs.iniNot applicable3,18830-May-149:07Not applicable
Ocspsvcctrs.iniNot applicable3,13030-May-149:07Not applicable
Ocspsvcctrs.iniNot applicable3,06430-May-149:07Not applicable
Ocspsvcctrs.iniNot applicable3,09230-May-149:06Not applicable
Ocspsvcctrs.iniNot applicable2,82830-May-149:07Not applicable
Ocspsvcctrs.iniNot applicable2,15830-May-149:07Not applicable
Ocspsvcctrs.iniNot applicable2,46030-May-149:06Not applicable
Ocspsvc.exe6.1.7601.22705276,48030-May-148:00x64
Ocspsvcctrs.hNot applicable1,5699-Jul-136:42Not applicable
Ocspsvcctrs.iniNot applicable2,9189-Jul-136:42Not applicable
Credssp.dll6.1.7601.1848922,01630-May-148:08x64
Tspkg.dll6.1.7601.1848986,52830-May-148:08x64
Tspkg.mofNot applicable9644-Jul-1312:25Not applicable
Credssp.dll6.1.7601.2270522,01630-May-148:00x64
Tspkg.dll6.1.7601.2270586,52830-May-148:00x64
Tspkg.mofNot applicable9649-Jul-136:41Not applicable
Wdigest.dll6.1.7601.18489210,94430-May-148:08x64
Wdigest.dll6.1.7601.22705210,94430-May-148:00x64
Kerberos.dll6.1.7601.18489728,06430-May-148:08x64
Kerberos.dll6.1.7601.22705729,08830-May-148:00x64
Msv1_0.dll6.1.7601.18489314,88030-May-148:08x64
Msv1_0.dll6.1.7601.22705315,90430-May-148:00x64
Schannel.dll6.1.7601.18489340,99230-May-148:08x64
Schannel.dll6.1.7601.22705340,99230-May-148:00x64
Lsasrv.mofNot applicable13,7804-Jul-1312:18Not applicable
Secur32.dll6.1.7601.1848922,01630-May-147:52x86
Sspicli.dll6.1.7601.1848996,76830-May-147:51x86
Lsasrv.mofNot applicable13,7809-Jul-136:22Not applicable
Secur32.dll6.1.7601.2270522,01630-May-147:35x86
Sspicli.dll6.1.7601.2270596,76830-May-147:34x86
Wdigest.dll6.1.7601.18489172,03230-May-147:52x86
Wdigest.dll6.1.7601.22705172,03230-May-147:35x86
Kerberos.dll6.1.7601.18489550,91230-May-147:52x86
Kerberos.dll6.1.7601.22705551,42430-May-147:35x86
Msv1_0.dll6.1.7601.18489259,58430-May-147:52x86
Msv1_0.dll6.1.7601.22705260,09630-May-147:35x86
Schannel.dll6.1.7601.18489247,80830-May-147:52x86
Schannel.dll6.1.7601.22705247,80830-May-147:35x86
Certcli.dll6.1.7601.22705342,52830-May-147:35x86
Adtschema.dll6.1.7601.22705685,05630-May-147:30x86
Auditpol.exe6.1.7601.2270550,17630-May-147:34x86
Msaudite.dll6.1.7601.22705145,92030-May-147:32x86
Msobjs.dll6.1.7601.2270560,41630-May-147:32x86
Ncrypt.dll6.1.7601.18489220,16030-May-147:52x86
Ncrypt.dll6.1.7601.22705220,16030-May-147:35x86
Credssp.dll6.1.7601.1848917,40830-May-147:52x86
Tspkg.dll6.1.7601.1848965,53630-May-147:52x86
Tspkg.mofNot applicable9644-Jul-1312:24Not applicable
Credssp.dll6.1.7601.2270517,40830-May-147:35x86
Tspkg.dll6.1.7601.2270565,53630-May-147:35x86
Tspkg.mofNot applicable9649-Jul-136:39Not applicable
Collapse this imageExpand this image
assets folding end collapsed
For all supported IA-64-based versions of Windows Server 2008 R2
Collapse this imageExpand this image
assets folding start collapsed
Collapse this tableExpand this table
File nameFile versionFile sizeDateTimePlatform
Cng.sys6.1.7601.17919789,0244-Jul-1312:23IA-64
Ksecdd.sys6.1.7601.18489179,64830-May-147:22IA-64
Ksecpkg.sys6.1.7601.18489316,35230-May-147:22IA-64
Lsasrv.dll6.1.7601.184892,695,16830-May-147:22IA-64
Lsasrv.mofNot applicable13,7804-Jul-1312:25Not applicable
Lsass.exe6.1.7601.1848956,32030-May-147:21IA-64
Secur32.dll6.1.7601.1848948,64030-May-147:22IA-64
Sspicli.dll6.1.7601.18489275,45630-May-147:22IA-64
Sspisrv.dll6.1.7601.1848946,08030-May-147:22IA-64
Cng.sys6.1.7601.22076789,0249-Jul-136:23IA-64
Ksecdd.sys6.1.7601.22705179,64830-May-147:15IA-64
Ksecpkg.sys6.1.7601.22705316,35230-May-147:15IA-64
Lsasrv.dll6.1.7601.227052,697,21630-May-147:15IA-64
Lsasrv.mofNot applicable13,7809-Jul-136:28Not applicable
Lsass.exe6.1.7601.2270556,32030-May-147:14IA-64
Secur32.dll6.1.7601.2270548,64030-May-147:15IA-64
Sspicli.dll6.1.7601.22705275,45630-May-147:15IA-64
Sspisrv.dll6.1.7601.2270546,08030-May-147:15IA-64
Adtschema.dll6.1.7601.22705685,05630-May-147:10IA-64
Auditpol.exe6.1.7601.22705145,40830-May-147:14IA-64
Msaudite.dll6.1.7601.22705145,92030-May-147:12IA-64
Msobjs.dll6.1.7601.2270560,41630-May-147:12IA-64
Ncrypt.dll6.1.7601.18489551,93630-May-147:22IA-64
Ncrypt.dll6.1.7601.22705553,47230-May-147:15IA-64
Credssp.dll6.1.7601.1848949,66430-May-147:22IA-64
Tspkg.dll6.1.7601.18489188,41630-May-147:22IA-64
Tspkg.mofNot applicable9644-Jul-1312:32Not applicable
Credssp.dll6.1.7601.2270549,66430-May-147:15IA-64
Tspkg.dll6.1.7601.22705188,41630-May-147:15IA-64
Tspkg.mofNot applicable9649-Jul-136:41Not applicable
Wdigest.dll6.1.7601.18489475,13630-May-147:22IA-64
Wdigest.dll6.1.7601.22705475,13630-May-147:15IA-64
Kerberos.dll6.1.7601.184891,525,24830-May-147:22IA-64
Kerberos.dll6.1.7601.227051,526,27230-May-147:15IA-64
Msv1_0.dll6.1.7601.18489647,68030-May-147:22IA-64
Msv1_0.dll6.1.7601.22705650,24030-May-147:15IA-64
Schannel.dll6.1.7601.18489711,68030-May-147:22IA-64
Schannel.dll6.1.7601.22705712,19230-May-147:15IA-64
Lsasrv.mofNot applicable13,7804-Jul-1312:18Not applicable
Secur32.dll6.1.7601.1848922,01630-May-147:52x86
Sspicli.dll6.1.7601.1848996,76830-May-147:51x86
Lsasrv.mofNot applicable13,7809-Jul-136:22Not applicable
Secur32.dll6.1.7601.2270522,01630-May-147:35x86
Sspicli.dll6.1.7601.2270596,76830-May-147:34x86
Wdigest.dll6.1.7601.18489172,03230-May-147:52x86
Wdigest.dll6.1.7601.22705172,03230-May-147:35x86
Kerberos.dll6.1.7601.18489550,91230-May-147:52x86
Kerberos.dll6.1.7601.22705551,42430-May-147:35x86
Msv1_0.dll6.1.7601.18489259,58430-May-147:52x86
Msv1_0.dll6.1.7601.22705260,09630-May-147:35x86
Schannel.dll6.1.7601.18489247,80830-May-147:52x86
Schannel.dll6.1.7601.22705247,80830-May-147:35x86
Adtschema.dll6.1.7601.22705685,05630-May-147:30x86
Auditpol.exe6.1.7601.2270550,17630-May-147:34x86
Msaudite.dll6.1.7601.22705145,92030-May-147:32x86
Msobjs.dll6.1.7601.2270560,41630-May-147:32x86
Ncrypt.dll6.1.7601.18489220,16030-May-147:52x86
Ncrypt.dll6.1.7601.22705220,16030-May-147:35x86
Credssp.dll6.1.7601.1848917,40830-May-147:52x86
Tspkg.dll6.1.7601.1848965,53630-May-147:52x86
Tspkg.mofNot applicable9644-Jul-1312:24Not applicable
Credssp.dll6.1.7601.2270517,40830-May-147:35x86
Tspkg.dll6.1.7601.2270565,53630-May-147:35x86
Tspkg.mofNot applicable9649-Jul-136:39Not applicable
Collapse this imageExpand this image
assets folding end collapsed
Collapse this imageExpand this image
assets folding end collapsed

Status

Microsoft has confirmed that SHA512 hash algorithm is turned off by default for the TLS 1.2 protocol in the Microsoft products that are listed in the "Applies to" section.

More information

By default, the TLS hash algorithm SHA512 is disabled for the TLS 1.2 protocol on a computer that is running one of the affected products that are listed in this article. Therefore, you cannot use SHA512 as a hash algorithm between two computers that are using TLS 1.2 until you install the required updates that are listed in this article.

For more information about TLS, go to the following Microsoft website:
General information about Transport Layer Security (TLS)
For more information about SHA512, go to the following Wiki website:
General information about SHA2
For more information about how to deploy SHA512 certificates on client computers, go to the following Microsoft website:
How to deploy client computer certificates
For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:
824684 Description of the standard terminology that is used to describe Microsoft software updates

Properties

Article ID: 2973337 - Last Review: August 15, 2014 - Revision: 5.0
Applies to
  • Windows Server 2012 R2 Datacenter
  • Windows Server 2012 R2 Standard
  • Windows Server 2012 R2 Essentials
  • Windows Server 2012 R2 Foundation
  • Windows 8.1 Enterprise
  • Windows 8.1 Pro
  • Windows 8.1
  • Windows Server 2012 Datacenter
  • Windows Server 2012 Standard
  • Windows Server 2012 Essentials
  • Windows Server 2012 Foundation
  • Windows 8 Enterprise
  • Windows 8 Pro
  • Windows 8
  • Windows Server 2008 R2 Datacenter
  • Windows Server 2008 R2 Enterprise
  • Windows Server 2008 R2 Standard
  • Windows Server 2008 R2 Foundation
  • Windows Server 2008 R2 for Itanium-Based Systems
  • Windows 7 Ultimate
  • Windows 7 Enterprise
  • Windows 7 Professional
  • Windows 7 Home Premium
  • Windows 7 Home Basic
  • Windows 7 Starter
Keywords: 
kbfix atdownload kbexpertiseadvanced kbsurveynew KB2973337

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com