You are currently offline, waiting for your internet to reconnect

Microsoft Security Advisory: Registry update to improve credentials protection and management for Windows-based systems that have the 2919355 update installed: July 8, 2014

INTRODUCTION
Microsoft has released a Microsoft security advisory about this issue for IT professionals. The security advisory contains additional security-related information. To view the security advisory, go to the following Microsoft website:
More information
On July 8, 2014, Microsoft released the following:
2973351 Microsoft Security Advisory: Registry update to improve credentials protection and management for Windows-based systems that have the 2919355 update installed: July 8, 2014
2975625 Microsoft Security Advisory: Registry update to improve credentials protection and management for Windows systems that do not have the 2919355 update installed: July 8, 2014
This update provides configurable registry settings for managing the Restricted Admin mode for Credential Security Support Provider (CredSSP).

Note The update changes default Restricted Admin mode functionality in Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1. For more information, see the FAQ section of the advisory. 

How to configure the Restricted Admin registry setting

ImportantThis section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
322756How to back up and restore the registry in Windows


The default behavior for Restricted Admin mode changed in Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1. By default, Restricted Admin mode is now turned off, and you have to enable it again after you install update 2973351 or 2975625 if it is required. Previously, Restricted Admin mode was turned on by default.  

To configure the Restricted Admin registry setting, add a DWORD value that is named DisableRestrictedAdmin to the following registry subkey:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa

To do this, follow these steps:
  1. Click Start, click Run, type regedit in the Open box, and then click OK.
  2. Locate and then click the following subkey in the registry:
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa
  3. On the Edit menu, point to New, and then click DWORD Value.
  4. Type DisableRestrictedAdmin for the name of the DWORD value, and then press Enter.
  5. Right-click DisableRestrictedAdmin, and then click Modify.
    • To disable Restricted Admin mode, type 1 in the Value data box, and then click OK.
    • To enable Restricted Admin mode, type 0 in the Value data box, and then click OK.
  6. Exit Registry Editor, and then restart the computer.
The following files are available for download from the Microsoft Download Center.

For all supported x86-based versions of Windows 7

DownloadDownload the package now.

For all supported x64-based versions of Windows 7

DownloadDownload the package now.

For all supported x86-based versions of Windows Embedded Standard 7

DownloadDownload the package now.

For all supported x64-based versions of Windows Embedded Standard 7

DownloadDownload the package now.

For all supported x64-based versions of Windows Server 2008 R2

DownloadDownload the package now.

For all supported IA-64-based versions of Windows Server 2008 R2

DownloadDownload the package now.

For all supported x86-based versions of Windows 8

DownloadDownload the package now.

For all supported x64-based versions of Windows 8

DownloadDownload the package now.

For all supported x64-based versions of Windows Server 2012

DownloadDownload the package now.

For all supported x86-based versions of Windows 8.1

DownloadDownload the package now.

For all supported x64-based versions of Windows 8.1

DownloadDownload the package now.

For all supported x64-based versions of Windows Server 2012 R2

DownloadDownload the package now.

Release Date: July 8, 2014

For more information about how to download Microsoft support files, click the following article number to view the article in the Microsoft Knowledge Base:
119591 How to obtain Microsoft support files from online services
Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help prevent any unauthorized changes to the file.
update security_patch security_update security bug flaw vulnerability malicious attacker exploit registry unauthenticated buffer overrun overflow specially-formed scope specially-crafted denial of service DoS TSE
Properties

Article ID: 2973351 - Last Review: 07/08/2014 17:23:00 - Revision: 1.0

Windows RT 8.1, Windows 8.1, Windows 8.1 Enterprise, Windows 8.1 Pro, Windows Server 2012 R2 Datacenter, Windows Server 2012 R2 Essentials, Windows Server 2012 R2 Foundation, Windows Server 2012 R2 Standard, Windows RT, Windows 8, Windows 8 Enterprise, Windows 8 Pro, Windows Server 2012 Datacenter, Windows Server 2012 Essentials, Windows Server 2012 Foundation, Windows Server 2012 Standard, Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1

  • kbexpertiseinter kbinfo kbsecadvisory kbsecurity kbsecvulnerability kbregistry KB2973351
Feedback