You are currently offline, waiting for your internet to reconnect

Microsoft Security Advisory: Registry update to improve credentials protection and management for Windows systems that do not have the 2919355 update installed: July 8, 2014

INTRODUCTION
Microsoft has released a Microsoft security advisory about this issue for IT professionals. The security advisory contains additional security-related information. To view the security advisory, go to the following Microsoft website:
More information
On July 8, 2014, Microsoft released the following:
2973351 Microsoft Security Advisory: Registry update to improve credentials protection and management for Windows-based systems that have the 2919355 update installed: July 8, 2014
2975625 Microsoft Security Advisory: Registry update to improve credentials protection and management for Windows systems that do not have the 2919355 update installed: July 8, 2014
This update provides configurable registry settings for managing the Restricted Admin mode for Credential Security Support Provider (CredSSP).

Note The update changes default Restricted Admin mode functionality in Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1. For more information, see the FAQ section of the advisory.

How to configure the Restricted Admin registry setting

ImportantThis section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
322756How to back up and restore the registry in Windows
The default behavior for Restricted Admin mode changed in Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1. By default, Restricted Admin mode is now turned off, and you have to enable it again after you install update 2973351 or 2975625 if it is required. Previously, Restricted Admin mode was turned on by default.

To configure the Restricted Admin registry setting, add a DWORD value that is named DisableRestrictedAdmin to the following registry subkey:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa

To do this, follow these steps:
  1. Click Start, click Run, type regedit in the Open box, and then click OK.
  2. Locate and then click the following subkey in the registry:
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa
  3. On the Edit menu, point to New, and then click DWORD Value.
  4. Type DisableRestrictedAdmin for the name of the DWORD value, and then press Enter.
  5. Right-click DisableRestrictedAdmin, and then click Modify.
    • To disable Restricted Admin mode, type 1 in the Value data box, and then click OK.
    • To enable Restricted Admin mode, type 0 in the Value data box, and then click OK.
  6. Exit Registry Editor, and then restart the computer.
FILE INFORMATION
The English (United States) version of this software update installs files that have the attributes that are listed in the following tables. The dates and times for these files are listed in Coordinated Universal Time (UTC). The dates and times for these files on your local computer are displayed in your local time and with your current daylight saving time (DST) bias. Additionally, the dates and times may change when you perform certain operations on the files.

Windows 8.1 and Windows Server 2012 R2 file information

For all supported x86-based versions of Windows 8.1

File nameFile versionFile sizeDateTimePlatformService branch
Credssp.admlNot applicable18,20722-Aug-201305:14Not applicableX86_MICROSOFT-WINDOWS-CREDSSP-ADM.RESOURCES_31BF3856AD364E35_6.3.9600.16670_EN-US_CC90990BBCE23A4A
Credssp.admxNot applicable11,35418-Jun-201312:36Not applicableX86_MICROSOFT-WINDOWS-CREDSSP-ADM_31BF3856AD364E35_6.3.9600.16670_NONE_6D8AC11F770DE49F
Cng.sys6.3.9600.16670475,18409-Jun-201400:15x86Not applicable
Ksecpkg.sys6.3.9600.16670147,80009-Jun-201400:22x86Not applicable
Lsasrv.dll6.3.9600.166701,088,51208-Jun-201419:58x86Not applicable

For all supported x64-based versions of Windows 8.1 and Windows Server 2012 R2

File nameFile versionFile sizeDateTimePlatformService branch
Credssp.admlNot applicable18,20722-Aug-201312:30Not applicableAMD64_MICROSOFT-WINDOWS-CREDSSP-ADM.RESOURCES_31BF3856AD364E35_6.3.9600.16670_EN-US_28AF348F753FAB80
Credssp.admxNot applicable11,35418-Jun-201315:03Not applicableAMD64_MICROSOFT-WINDOWS-CREDSSP-ADM_31BF3856AD364E35_6.3.9600.16670_NONE_C9A95CA32F6B55D5
Cng.sys6.3.9600.16670565,53609-Jun-201404:23x64Not applicable
Ksecpkg.sys6.3.9600.16670192,85609-Jun-201404:29x64Not applicable
Lsasrv.dll6.3.9600.166701,416,19208-Jun-201420:26x64Not applicable
update security_patch security_update security bug flaw vulnerability malicious attacker exploit registry unauthenticated buffer overrun overflow specially-formed scope specially-crafted denial of service DoS TSE
Properties

Article ID: 2975625 - Last Review: 07/08/2014 17:24:00 - Revision: 1.0

  • kbexpertiseinter kbinfo kbsecadvisory kbsecurity kbsecvulnerability kbfixme kbmsifixme kbregistry KB2975625
Feedback