On July 8, 2014, Microsoft released the following:
Microsoft Security Advisory: Registry update to improve credentials protection and management for Windows-based systems that have the 2919355 update installed: July 8, 2014
Microsoft Security Advisory: Registry update to improve credentials protection and management for Windows systems that do not have the 2919355 update installed: July 8, 2014
This update provides configurable registry settings for managing the Restricted Admin mode for Credential Security Support Provider (CredSSP). Note
The update changes default Restricted Admin mode functionality in Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1. For more information, see the FAQ section of the advisory.
How to configure the Restricted Admin registry settingImportant
This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
How to back up and restore the registry in Windows
The default behavior for Restricted Admin mode changed in Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1. By default, Restricted Admin mode is now turned off, and you have to enable it again after you install update 2973351 or 2975625 if it is required. Previously, Restricted Admin mode was turned on by default.
To configure the Restricted Admin registry setting, add a DWORD value that is named DisableRestrictedAdmin
to the following registry subkey:
To do this, follow these steps:
- Click Start, click Run, type regedit in the Open box, and then click OK.
- Locate and then click the following subkey in the registry:
- On the Edit menu, point to New, and then click DWORD Value.
- Type DisableRestrictedAdmin for the name of the DWORD value, and then press Enter.
- Right-click DisableRestrictedAdmin, and then click Modify.
- To disable Restricted Admin mode, type 1 in the Value data box, and then click OK.
- To enable Restricted Admin mode, type 0 in the Value data box, and then click OK.
- Exit Registry Editor, and then restart the computer.
update security_patch security_update security bug flaw vulnerability malicious attacker exploit registry unauthenticated buffer overrun overflow specially-formed scope specially-crafted denial of service DoS TSE