You are currently offline, waiting for your internet to reconnect

MS16-101: Description of the security update for Windows authentication methods: August 9, 2016

Summary
This security update resolves multiple vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker runs a specially crafted application on a domain-joined system.

To learn more about the vulnerability, see Microsoft Security Bulletin MS16-101.
More information
Important
  • All future security and non-security updates for Windows 8.1, and Windows Server 2012 R2 require update 2919355 to be installed. We recommend that you install update 2919355 on your Windows 8.1-based or Windows Server 2012 R2-based computer so that you receive future updates.
  • If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. For more information, see Add language packs to Windows.

Non-security-related fixes that are included in this security update

This security update also fixes the following non-security-related issues:
  • In a Domain-joined Scale Out File Server (SoFS) on a domainless cluster, when an SMB client that is running either Windows 8.1 or Windows Server 2012 R2 connects to a node that is down, authentication fails. When this occurs, you may receive an error message that resembles the following message:

    STATUS_NO_TGT_REPLY

Known issues in this security update

  • Known issue 1

    The security updates that are provided in MS16-101 and newer updates disable the ability of the Negotiate process to fall back to NTLM when Kerberos authentication fails for password change operations with the STATUS_NO_LOGON_SERVERS (0xc000005e) error code. In this situation, you may receive one of the following error codes.

    HexadecimalDecimalSymbolicFriendly
    0xc00003881073740920STATUS_DOWNGRADE_DETECTEDThe system detected a possible attempt to compromise security. Please make sure that you can contact the server that authenticated you.
    0x4f11265ERROR_DOWNGRADE_DETECTEDThe system detected a possible attempt to compromise security. Please make sure that you can contact the server that authenticated you.


    Workaround

    If password changes that previously succeeded fail after the installation of MS16-101, it's likely that password changes were previously relying on NTLM fallback because Kerberos was failing. In order to change passwords successfully by using Kerberos protocols, follow these steps:

    1. Configure open communication on TCP port 464 between clients that have MS16-101 installed and the domain controller that is servicing password resets.

      Read-only domain controllers (RODCs) can service self-service password resets if the user is allowed by the RODCs password replication policy. Users who are not allowed by the RODC password policy require network connectivity to a read/write domain controller (RWDC) in the user account domain.

      Note To check whether TCP port 464 is open, follow these steps:

      1. Create an equivalent display filter for your network monitor parser. For example:
        ipv4.address== <ip address of client> && tcp.port==464
      2. In the results, look for the "TCP:[SynReTransmit" frame.

        Frame
    2. Make sure that the target Kerberos names are valid. (IP addresses are not valid for the Kerberos protocol. Kerberos supports short names and fully qualified domain names.)
    3. Make sure that service principal names (SPNs) are registered correctly.

      For more information, see Kerberos and Self-Service Password Reset.
  • Known issue 2

    We know about an issue in which programmatic password resets of domain user accounts fail and return the STATUS_DOWNGRADE_DETECTED (0x800704F1) error code if the expected failure is one of the following:

    • ERROR_INVALID_PASSWORD
    • ERROR_PWD_TOO_SHORT (rarely returned)
    • STATUS_WRONG_PASSWORD
    • STATUS_PASSWORD_RESTRICTION

    The following table shows the full error mapping.

    HexadecimalDecimalSymbolicFriendly
    0x5686ERROR_INVALID_PASSWORDThe specified network password is not correct.
    0x267615ERROR_PWD_TOO_SHORTThe password that was provided is too short to meet the policy of your user account. Please provide a longer password.
    0xc000006a-1073741718STATUS_WRONG_PASSWORDWhen you try to update a password, this return status indicates that the value that was provided as the current password is incorrect.
    0xc000006c-1073741716STATUS_PASSWORD_RESTRICTIONWhen you try to update a password, this return status indicates that some password update rule was violated. For example, the password may not meet the length criteria.
    0x800704F11265STATUS_DOWNGRADE_DETECTEDThe system cannot contact a domain controller to service the authentication request. Please try again later.
    0xc0000388-1073740920STATUS_DOWNGRADE_DETECTEDThe system cannot contact a domain controller to service the authentication request. Please try again later.


    Status

    The root cause of this issue is understood. We plan to release a fix that resolves this issue in October 2016. This release date is subject to change. This article will be updated with additional details as they become available.

  • Known issue 3

    We know about an issue in which programmatic resets of local user account password changes may fail and return the STATUS_DOWNGRADE_DETECTED (0x800704F1) error code.

    The following table shows the full error mapping.

    HexadecimalDecimalSymbolicFriendly
    0x4f11265ERROR_DOWNGRADE_DETECTEDThe system cannot contact a domain controller to service the authentication request. Please try again later.


    Status

    The root cause of this issue is understood. We plan to release a fix that resolves this issue in October 2016. This release date is subject to change. This article will be updated with additional details as they become available.

  • Known issue 4

    Passwords for disabled and locked-out user accounts cannot be changed.

    Workaround

    These accounts require an administrator to make password resets. This behavior is by design after you install MS16-101 and later fixes.

  • Known issue 5

    Applications that use the NetUserChangePassword API and that pass a servername in the domainname parameter will no longer work after MS16-101 and later updates are installed.

    Microsoft documentation states that providing a remote server name in the domainname parameter of the NetUserChangePassword function is supported. For example, the NetUserChangePassword function MSDN topic states the following:

    domainname [in]
    A pointer to a constant string that specifies the DNS or NetBIOS name of a remote server or domain on which the function is to execute. If this parameter is NULL, the logon domain of the caller is used.
    However, this guidance has been superseded by MS16-101, unless the password reset is for a local account on the local computer. Post MS16-101, in order for domain user password changes to work, you must pass a valid DNS Domain Name to the NetUserChangePassword API.
How to obtain and install the update

Method 1: Windows Update

This update is available through Windows Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to turn on automatic updating, see Get security updates automatically.

Method 2: Microsoft Update Catalog

To get the stand-alone package for this update, go to the Microsoft Update Catalog website.

Method 3: Microsoft Download Center

You can obtain the stand-alone update package through the Microsoft Download Center. Follow the installation instructions on the download page to install the update.

Click the download link in Microsoft Security Bulletin MS16-101 that corresponds to the version of Windows that you are running.
More information

How to obtain help and support for this security update

Help for installing updates: Support for Microsoft Update

Security solutions for IT professionals: TechNet Security Troubleshooting and Support

Help for protecting your Windows-based computer from viruses and malware: Virus Solution and Security Center

Local support according to your country: International Support
File Information

File hash information

File nameSHA1 hashSHA256 hash
Windows6.1-KB3167679-ia64.msuEC5174AD16D8B15910F8C3573DE7E5310EDF89E7C4111DBCF20639D332A67E65D6F99205ED4EA2106DF198FC2D4290F28D156679
Windows8.1-KB3167679-x86.msuF70562A088326845D6A6FEF4BDCDF3D9BC38AFEE3177DC8B151FBE016B1D16D60C0AC488C18F9DDFACEE6E016B0563AFCC3538F4
Windows6.1-KB3167679-x86.msu302D02FA98EEE549AC00E51C8203EB3C0FB601E9A926966353399E6F0D435E558EBF77BD02A1F8847EC4D23DF1897A6F99B8A65D
Windows8.1-KB3167679-x64.msu6404376470E239466E7A655F5204131E9EC96592FFFF7A5F22058C52966EC60EA05DB45475D7A70BB4411A4E14FDEC5FBA75CA88
Windows6.0-KB3167679-ia64.msu3222E59997E2062FB97BBC57F45B368AF1D9B2A2C0E7ED30F949F67403B3D5BE492728FCAABAC1D768C4AE0C514E57FD5AE70846
Windows6.0-KB3167679-x86.msu3B4CBCCE7E849C1EAA632A12EA2A06F984DA29B2F588EBD5451AD2F8AEFD991A64043BA75B0919AD290EB546DFD3262C38BDA029
Windows6.0-KB3167679-x64.msuBDB36F4EF8ECB9B6D6E4DFDF145ADC0D45D6CD5F4DDD4B15186B8DEEA91A3581158B73FF3BC8C3BDD98DE63E96ED7C6BB3E7FBA1
Windows6.1-KB3167679-x64.msu95C9A8900EEC192F3B4656FD57A9B3C8C27A9FB1F54DE91891EA3E216FB3697AF5BF99CB5DB6C39EFB003EFD4417D86C338EFF17

File information

The English (United States) version of this software update installs files that have the attributes that are listed in the following tables.

Windows 7 and Windows Server 2008 R2 file information

Notes
  • The files that apply to a specific product, milestone (RTM, SPn), and service branch (LDR, GDR) can be identified by examining the file version numbers as shown in the following table:
    Version Product Milestone Service branch
    6.1.760 1.18xxxWindows 7 or Windows Server 2008 R2 SP1GDR
    6.1.760 1.23xxxWindows 7 or Windows Server 2008 R2 SP1 LDR
  • GDR service branches contain only those fixes that are widely released to address widespread, critical issues. LDR service branches contain hotfixes in addition to widely released fixes.
  • The MANIFEST files (.manifest) and MUM files (.mum) that are installed are not listed.
For all supported ia64-based versions
File nameFile versionFile sizeDateTimePlatformSP requirementService branch
Bcryptprimitives.dll6.1.7601.23451503,96012-May-201613:05IA-64NoneNot applicable
Cryptbase.dll6.1.7601.2349762,97608-Jul-201615:10IA-64NoneNot applicable
Cng.sys6.1.7601.23451790,47212-May-201613:05IA-64NoneNot applicable
Ksecdd.sys6.1.7601.23497179,43208-Jul-201615:15IA-64NoneNot applicable
Ksecpkg.sys6.1.7601.23497318,69608-Jul-201615:15IA-64NoneNot applicable
Lsasrv.dll6.1.7601.234972,701,82408-Jul-201615:10IA-64NoneNot applicable
Lsasrv.mofNot applicable13,78023-Mar-201622:40Not applicableNoneNot applicable
Lsass.exe6.1.7601.2349755,80808-Jul-201614:42IA-64NoneNot applicable
Secur32.dll6.1.7601.2349748,64008-Jul-201615:10IA-64NoneNot applicable
Sspicli.dll6.1.7601.23497274,94408-Jul-201615:10IA-64NoneNot applicable
Sspisrv.dll6.1.7601.2349745,56808-Jul-201615:10IA-64NoneNot applicable
Adtschema.dll6.1.7601.23497690,68808-Jul-201615:10IA-64NoneNot applicable
Auditpol.exe6.1.7601.23497145,40808-Jul-201614:51IA-64NoneNot applicable
Msaudite.dll6.1.7601.23497146,43208-Jul-201615:10IA-64NoneNot applicable
Msobjs.dll6.1.7601.2349760,41608-Jul-201615:10IA-64NoneNot applicable
Ncrypt.dll6.1.7601.23497562,17608-Jul-201615:10IA-64NoneNot applicable
Rpchttp.dll6.1.7601.23497401,40808-Jul-201615:10IA-64NoneNot applicable
Rpcrt4.dll6.1.7601.234972,574,33608-Jul-201615:10IA-64NoneNot applicable
Credssp.dll6.1.7601.2349749,66408-Jul-201615:10IA-64SP_IA64_MICROSOFT-WINDOWS-SECURITY-CREDSSP
Tspkg.dll6.1.7601.23497188,41608-Jul-201615:10IA-64SP_IA64_MICROSOFT-WINDOWS-SECURITY-CREDSSP
Tspkg.mofNot applicable96423-Mar-201622:42Not applicableSP_IA64_MICROSOFT-WINDOWS-SECURITY-CREDSSP
Wdigest.dll6.1.7601.23497475,13608-Jul-201615:10IA-64NoneNot applicable
Kerberos.dll6.1.7601.234971,534,97608-Jul-201615:10IA-64NoneNot applicable
Msv1_0.dll6.1.7601.23497650,24008-Jul-201615:10IA-64NoneNot applicable
Schannel.dll6.1.7601.23497722,94408-Jul-201615:10IA-64NoneNot applicable
Mrxsmb10.sys6.1.7601.23497685,05608-Jul-201614:43IA-64NoneNot applicable
Mrxsmb20.sys6.1.7601.23497315,39208-Jul-201614:43IA-64NoneNot applicable
Mrxsmb.sys6.1.7601.23497371,20008-Jul-201614:43IA-64NoneNot applicable
Lsasrv.mofNot applicable13,78023-Mar-201622:39Not applicableNoneNot applicable
Secur32.dll6.1.7601.2349722,01608-Jul-201615:16x86NoneNot applicable
Sspicli.dll6.1.7601.2349796,76808-Jul-201615:17x86NoneNot applicable
Rpcrt4.dll6.1.7601.23497666,11208-Jul-201615:17x86NoneNot applicable
Wdigest.dll6.1.7601.23497172,03208-Jul-201615:16x86NoneNot applicable
Kerberos.dll6.1.7601.23497553,47208-Jul-201615:16x86NoneNot applicable
Msv1_0.dll6.1.7601.23497260,60808-Jul-201615:16x86NoneNot applicable
Schannel.dll6.1.7601.23497251,39208-Jul-201615:16x86NoneNot applicable
Bcryptprimitives.dll6.1.7601.23451249,35212-May-201613:04x86NoneNot applicable
Cryptbase.dll6.1.7601.2349736,35208-Jul-201614:50x86NoneNot applicable
Adtschema.dll6.1.7601.23497690,68808-Jul-201615:16x86NoneNot applicable
Auditpol.exe6.1.7601.2349750,17608-Jul-201614:55x86NoneNot applicable
Msaudite.dll6.1.7601.23497146,43208-Jul-201615:16x86NoneNot applicable
Msobjs.dll6.1.7601.2349760,41608-Jul-201615:16x86NoneNot applicable
Ncrypt.dll6.1.7601.23497223,23208-Jul-201615:16x86NoneNot applicable
Rpchttp.dll6.1.7601.23497141,31208-Jul-201615:16x86NoneNot applicable
Credssp.dll6.1.7601.2349717,40808-Jul-201615:16x86SP_X86_MICROSOFT-WINDOWS-SECURITY-CREDSSP
Tspkg.dll6.1.7601.2349765,53608-Jul-201615:16x86SP_X86_MICROSOFT-WINDOWS-SECURITY-CREDSSP
Tspkg.mofNot applicable96423-Mar-201622:41Not applicableSP_X86_MICROSOFT-WINDOWS-SECURITY-CREDSSP
For all supported x86-based versions
File nameFile versionFile sizeDateTimePlatformSP requirementService branch
Bcryptprimitives.dll6.1.7601.23451249,35212-May-201613:04x86NoneNot applicable
Cryptbase.dll6.1.7601.2349736,35208-Jul-201614:50x86NoneNot applicable
Cng.sys6.1.7601.23451370,78412-May-201613:04x86NoneNot applicable
Ksecdd.sys6.1.7601.2349767,30408-Jul-201615:22x86NoneNot applicable
Ksecpkg.sys6.1.7601.23497137,96008-Jul-201615:22x86NoneNot applicable
Lsasrv.dll6.1.7601.234971,062,91208-Jul-201615:16x86NoneNot applicable
Lsasrv.mofNot applicable13,78023-Mar-201622:39Not applicableNoneNot applicable
Lsass.exe6.1.7601.2349722,01608-Jul-201614:50x86NoneNot applicable
Secur32.dll6.1.7601.2349722,01608-Jul-201615:16x86NoneNot applicable
Sspicli.dll6.1.7601.2349799,84008-Jul-201615:16x86NoneNot applicable
Sspisrv.dll6.1.7601.2349715,87208-Jul-201614:50x86NoneNot applicable
Adtschema.dll6.1.7601.23497690,68808-Jul-201615:16x86NoneNot applicable
Auditpol.exe6.1.7601.2349750,17608-Jul-201614:55x86NoneNot applicable
Msaudite.dll6.1.7601.23497146,43208-Jul-201615:16x86NoneNot applicable
Msobjs.dll6.1.7601.2349760,41608-Jul-201615:16x86NoneNot applicable
Ncrypt.dll6.1.7601.23497223,23208-Jul-201615:16x86NoneNot applicable
Rpchttp.dll6.1.7601.23497141,31208-Jul-201615:16x86NoneNot applicable
Rpcrt4.dll6.1.7601.23497655,36008-Jul-201615:16x86NoneNot applicable
Credssp.dll6.1.7601.2349717,40808-Jul-201615:16x86SP_X86_MICROSOFT-WINDOWS-SECURITY-CREDSSP
Tspkg.dll6.1.7601.2349765,53608-Jul-201615:16x86SP_X86_MICROSOFT-WINDOWS-SECURITY-CREDSSP
Tspkg.mofNot applicable96423-Mar-201622:41Not applicableSP_X86_MICROSOFT-WINDOWS-SECURITY-CREDSSP
Wdigest.dll6.1.7601.23497172,03208-Jul-201615:16x86NoneNot applicable
Kerberos.dll6.1.7601.23497553,47208-Jul-201615:16x86NoneNot applicable
Msv1_0.dll6.1.7601.23497260,60808-Jul-201615:16x86NoneNot applicable
Schannel.dll6.1.7601.23497251,39208-Jul-201615:16x86NoneNot applicable
Mrxsmb10.sys6.1.7601.23497226,30408-Jul-201614:51x86NoneNot applicable
Mrxsmb20.sys6.1.7601.2349798,30408-Jul-201614:51x86NoneNot applicable
Mrxsmb.sys6.1.7601.23497124,41608-Jul-201614:51x86NoneNot applicable
For all supported x64-based versions
File nameFile versionFile sizeDateTimePlatformSP requirementService branch
Bcryptprimitives.dll6.1.7601.23451297,98412-May-201613:05x64NoneNot applicable
Certcli.dll6.1.7601.23497463,87208-Jul-201615:32x64NoneNot applicable
Cryptbase.dll6.1.7601.2349743,52008-Jul-201615:32x64NoneNot applicable
Cng.sys6.1.7601.23451459,64012-May-201613:05x64NoneNot applicable
Ksecdd.sys6.1.7601.2349795,46408-Jul-201615:37x64NoneNot applicable
Ksecpkg.sys6.1.7601.23497154,85608-Jul-201615:37x64NoneNot applicable
Lsasrv.dll6.1.7601.234971,464,32008-Jul-201615:32x64NoneNot applicable
Lsasrv.mofNot applicable13,78023-Mar-201622:40Not applicableNoneNot applicable
Lsass.exe6.1.7601.2349730,72008-Jul-201614:55x64NoneNot applicable
Secur32.dll6.1.7601.2349728,16008-Jul-201615:32x64NoneNot applicable
Sspicli.dll6.1.7601.23497135,68008-Jul-201615:32x64NoneNot applicable
Sspisrv.dll6.1.7601.2349728,67208-Jul-201615:32x64NoneNot applicable
Adtschema.dll6.1.7601.23497690,68808-Jul-201615:32x64NoneNot applicable
Auditpol.exe6.1.7601.2349764,00008-Jul-201615:03x64NoneNot applicable
Msaudite.dll6.1.7601.23497146,43208-Jul-201615:32x64NoneNot applicable
Msobjs.dll6.1.7601.2349760,41608-Jul-201615:32x64NoneNot applicable
Ncrypt.dll6.1.7601.23497312,32008-Jul-201615:32x64NoneNot applicable
Ocspisapi.dll6.1.7601.23497355,84008-Jul-201615:32x64SPSAMD64_MICROSOFT-WINDOWS-OCSP
Ocspisapictrs.hNot applicable1,42123-Mar-201622:41Not applicableSPSAMD64_MICROSOFT-WINDOWS-OCSP
Ocspisapictrs.iniNot applicable2,63623-Mar-201622:41Not applicableSPSAMD64_MICROSOFT-WINDOWS-OCSP
Ocspsvcctrs.iniNot applicable2,96008-Jul-201617:18Not applicableSPSAMD64_MICROSOFT-WINDOWS-OCSP
Ocspsvcctrs.iniNot applicable3,13408-Jul-201617:15Not applicableSPSAMD64_MICROSOFT-WINDOWS-OCSP
Ocspsvcctrs.iniNot applicable2,91808-Jul-201615:32Not applicableSPSAMD64_MICROSOFT-WINDOWS-OCSP
Ocspsvcctrs.iniNot applicable3,21008-Jul-201617:15Not applicableSPSAMD64_MICROSOFT-WINDOWS-OCSP
Ocspsvcctrs.iniNot applicable3,09808-Jul-201617:16Not applicableSPSAMD64_MICROSOFT-WINDOWS-OCSP
Ocspsvcctrs.iniNot applicable3,02808-Jul-201617:15Not applicableSPSAMD64_MICROSOFT-WINDOWS-OCSP
Ocspsvcctrs.iniNot applicable3,14008-Jul-201617:15Not applicableSPSAMD64_MICROSOFT-WINDOWS-OCSP
Ocspsvcctrs.iniNot applicable2,64208-Jul-201617:17Not applicableSPSAMD64_MICROSOFT-WINDOWS-OCSP
Ocspsvcctrs.iniNot applicable2,57608-Jul-201617:14Not applicableSPSAMD64_MICROSOFT-WINDOWS-OCSP
Ocspsvcctrs.iniNot applicable3,02608-Jul-201617:18Not applicableSPSAMD64_MICROSOFT-WINDOWS-OCSP
Ocspsvcctrs.iniNot applicable3,02808-Jul-201617:17Not applicableSPSAMD64_MICROSOFT-WINDOWS-OCSP
Ocspsvcctrs.iniNot applicable3,18808-Jul-201617:15Not applicableSPSAMD64_MICROSOFT-WINDOWS-OCSP
Ocspsvcctrs.iniNot applicable3,13008-Jul-201617:18Not applicableSPSAMD64_MICROSOFT-WINDOWS-OCSP
Ocspsvcctrs.iniNot applicable3,06408-Jul-201617:15Not applicableSPSAMD64_MICROSOFT-WINDOWS-OCSP
Ocspsvcctrs.iniNot applicable3,09208-Jul-201617:19Not applicableSPSAMD64_MICROSOFT-WINDOWS-OCSP
Ocspsvcctrs.iniNot applicable2,82808-Jul-201617:16Not applicableSPSAMD64_MICROSOFT-WINDOWS-OCSP
Ocspsvcctrs.iniNot applicable2,15808-Jul-201617:14Not applicableSPSAMD64_MICROSOFT-WINDOWS-OCSP
Ocspsvcctrs.iniNot applicable2,46008-Jul-201617:17Not applicableSPSAMD64_MICROSOFT-WINDOWS-OCSP
Ocspsvc.exe6.1.7601.23497275,96808-Jul-201615:03x64SPSAMD64_MICROSOFT-WINDOWS-OCSP
Ocspsvcctrs.hNot applicable1,56923-Mar-201622:41Not applicableSPSAMD64_MICROSOFT-WINDOWS-OCSP
Ocspsvcctrs.iniNot applicable2,91823-Mar-201622:41Not applicableSPSAMD64_MICROSOFT-WINDOWS-OCSP
Rpchttp.dll6.1.7601.23497190,46408-Jul-201615:32x64NoneNot applicable
Rpcrt4.dll6.1.7601.234971,212,92808-Jul-201615:32x64NoneNot applicable
Credssp.dll6.1.7601.2349722,01608-Jul-201615:32x64SP_AMD64_MICROSOFT-WINDOWS-SECURITY-CREDSSP
Tspkg.dll6.1.7601.2349786,52808-Jul-201615:32x64SP_AMD64_MICROSOFT-WINDOWS-SECURITY-CREDSSP
Tspkg.mofNot applicable96423-Mar-201622:41Not applicableSP_AMD64_MICROSOFT-WINDOWS-SECURITY-CREDSSP
Wdigest.dll6.1.7601.23497210,43208-Jul-201615:32x64NoneNot applicable
Kerberos.dll6.1.7601.23497730,62408-Jul-201615:32x64NoneNot applicable
Msv1_0.dll6.1.7601.23497316,41608-Jul-201615:32x64NoneNot applicable
Schannel.dll6.1.7601.23497343,55208-Jul-201615:32x64NoneNot applicable
Mrxsmb10.sys6.1.7601.23497291,32808-Jul-201614:56x64NoneNot applicable
Mrxsmb20.sys6.1.7601.23497129,53608-Jul-201614:56x64NoneNot applicable
Mrxsmb.sys6.1.7601.23497159,74408-Jul-201614:57x64NoneNot applicable
Lsasrv.mofNot applicable13,78023-Mar-201622:39Not applicableNoneNot applicable
Secur32.dll6.1.7601.2349722,01608-Jul-201615:16x86NoneNot applicable
Sspicli.dll6.1.7601.2349796,76808-Jul-201615:17x86NoneNot applicable
Rpcrt4.dll6.1.7601.23497666,11208-Jul-201615:17x86NoneNot applicable
Wdigest.dll6.1.7601.23497172,03208-Jul-201615:16x86NoneNot applicable
Kerberos.dll6.1.7601.23497553,47208-Jul-201615:16x86NoneNot applicable
Msv1_0.dll6.1.7601.23497260,60808-Jul-201615:16x86NoneNot applicable
Schannel.dll6.1.7601.23497251,39208-Jul-201615:16x86NoneNot applicable
Bcryptprimitives.dll6.1.7601.23451249,35212-May-201613:04x86NoneNot applicable
Certcli.dll6.1.7601.23497342,52808-Jul-201615:16x86NoneNot applicable
Cryptbase.dll6.1.7601.2349736,35208-Jul-201614:50x86NoneNot applicable
Adtschema.dll6.1.7601.23497690,68808-Jul-201615:16x86NoneNot applicable
Auditpol.exe6.1.7601.2349750,17608-Jul-201614:55x86NoneNot applicable
Msaudite.dll6.1.7601.23497146,43208-Jul-201615:16x86NoneNot applicable
Msobjs.dll6.1.7601.2349760,41608-Jul-201615:16x86NoneNot applicable
Ncrypt.dll6.1.7601.23497223,23208-Jul-201615:16x86NoneNot applicable
Rpchttp.dll6.1.7601.23497141,31208-Jul-201615:16x86NoneNot applicable
Credssp.dll6.1.7601.2349717,40808-Jul-201615:16x86SP_X86_MICROSOFT-WINDOWS-SECURITY-CREDSSP
Tspkg.dll6.1.7601.2349765,53608-Jul-201615:16x86SP_X86_MICROSOFT-WINDOWS-SECURITY-CREDSSP
Tspkg.mofNot applicable96423-Mar-201622:41Not applicableSP_X86_MICROSOFT-WINDOWS-SECURITY-CREDSSP

Windows 8.1 and Windows Server 2012 R2 file information

Notes
  • The files that apply to a specific product, milestone (RTM, SPn), and service branch (LDR, GDR) can be identified by examining the file version numbers as shown in the following table:
    VersionProductMilestoneService branch
    6.3.960 0.16 xxxWindows RT 8.1, Windows 8.1, and Windows Server 2012 R2RTMGDR
    6.3.960 0.17 xxxWindows RT 8.1, Windows 8.1, and Windows Server 2012 R2RTMGDR
    6.3.960 0.18 xxxWindows RT 8.1, Windows 8.1, and Windows Server 2012 R2RTMGDR
  • GDR service branches contain only those fixes that are widely released to address widespread, critical issues. LDR service branches contain hotfixes in addition to widely released fixes.
  • The MANIFEST files (.manifest) and MUM files (.mum) that are installed are not listed.
For all supported x86-based versions
File nameFile versionFile sizeDateTimePlatform
Bcryptprimitives.dll6.3.9600.18340340,87216-May-201621:13x86
Cng.sys6.3.9600.18340479,31216-May-201621:16x86
Ksecpkg.sys6.3.9600.18340148,82416-May-201621:16x86
Lsasrv.dll6.3.9600.184051,118,20808-Jul-201614:18x86
Adtschema.dll6.3.9600.17415736,76829-Oct-201402:06x86
Msaudite.dll6.3.9600.17415154,11229-Oct-201402:06x86
Msobjs.dll6.3.9600.1638461,95222-Aug-201304:17x86
Mrxsmb10.sys6.3.9600.18298229,37606-Apr-201616:48x86
Mrxsmb20.sys6.3.9600.18404153,08807-Jul-201620:35x86
Mrxsmb.sys6.3.9600.18298328,70406-Apr-201616:48x86
For all supported x64-based versions
File nameFile versionFile sizeDateTimePlatformSP requirementService branch
Bcryptprimitives.dll6.3.9600.18344397,23218-May-201623:18x64NoneNot applicable
Certcli.dll6.3.9600.18404445,44007-Jul-201621:53x64NoneNot applicable
Cng.sys6.3.9600.18344563,02418-May-201623:18x64NoneNot applicable
Ksecpkg.sys6.3.9600.18344178,01618-May-201623:16x64NoneNot applicable
Lsasrv.dll6.3.9600.184051,445,37608-Jul-201614:22x64NoneNot applicable
Adtschema.dll6.3.9600.17415736,76829-Oct-201402:50x64NoneNot applicable
Msaudite.dll6.3.9600.17415154,11229-Oct-201402:51x64NoneNot applicable
Msobjs.dll6.3.9600.1638461,95222-Aug-201311:46x64NoneNot applicable
Ocspisapi.dll6.3.9600.17415293,37629-Oct-201401:43x64SPSAMD64_MICROSOFT-WINDOWS-OCSP
Ocspisapictrs.hNot applicable1,42118-Jun-201315:06Not applicableSPSAMD64_MICROSOFT-WINDOWS-OCSP
Ocspisapictrs.iniNot applicable2,63618-Jun-201315:06Not applicableSPSAMD64_MICROSOFT-WINDOWS-OCSP
Ocspsvcctrs.iniNot applicable2,96022-Aug-201319:26Not applicableSPSAMD64_MICROSOFT-WINDOWS-OCSP
Ocspsvcctrs.iniNot applicable3,13422-Aug-201319:44Not applicableSPSAMD64_MICROSOFT-WINDOWS-OCSP
Ocspsvcctrs.iniNot applicable2,91822-Aug-201312:30Not applicableSPSAMD64_MICROSOFT-WINDOWS-OCSP
Ocspsvcctrs.iniNot applicable3,21022-Aug-201319:43Not applicableSPSAMD64_MICROSOFT-WINDOWS-OCSP
Ocspsvcctrs.iniNot applicable3,09822-Aug-201319:30Not applicableSPSAMD64_MICROSOFT-WINDOWS-OCSP
Ocspsvcctrs.iniNot applicable3,02822-Aug-201319:46Not applicableSPSAMD64_MICROSOFT-WINDOWS-OCSP
Ocspsvcctrs.iniNot applicable3,14022-Aug-201319:31Not applicableSPSAMD64_MICROSOFT-WINDOWS-OCSP
Ocspsvcctrs.iniNot applicable2,64222-Aug-201319:30Not applicableSPSAMD64_MICROSOFT-WINDOWS-OCSP
Ocspsvcctrs.iniNot applicable2,57622-Aug-201319:31Not applicableSPSAMD64_MICROSOFT-WINDOWS-OCSP
Ocspsvcctrs.iniNot applicable3,02622-Aug-201319:23Not applicableSPSAMD64_MICROSOFT-WINDOWS-OCSP
Ocspsvcctrs.iniNot applicable3,02822-Aug-201319:23Not applicableSPSAMD64_MICROSOFT-WINDOWS-OCSP
Ocspsvcctrs.iniNot applicable3,18822-Aug-201319:23Not applicableSPSAMD64_MICROSOFT-WINDOWS-OCSP
Ocspsvcctrs.iniNot applicable3,12622-Aug-201319:33Not applicableSPSAMD64_MICROSOFT-WINDOWS-OCSP
Ocspsvcctrs.iniNot applicable3,06422-Aug-201319:36Not applicableSPSAMD64_MICROSOFT-WINDOWS-OCSP
Ocspsvcctrs.iniNot applicable3,09222-Aug-201319:36Not applicableSPSAMD64_MICROSOFT-WINDOWS-OCSP
Ocspsvcctrs.iniNot applicable2,82822-Aug-201319:32Not applicableSPSAMD64_MICROSOFT-WINDOWS-OCSP
Ocspsvcctrs.iniNot applicable2,46422-Aug-201319:20Not applicableSPSAMD64_MICROSOFT-WINDOWS-OCSP
Ocspsvcctrs.iniNot applicable2,48022-Aug-201319:20Not applicableSPSAMD64_MICROSOFT-WINDOWS-OCSP
Ocspsvcctrs.iniNot applicable2,46022-Aug-201319:21Not applicableSPSAMD64_MICROSOFT-WINDOWS-OCSP
Ocspsvc.exe6.3.9600.17415219,13629-Oct-201402:19x64SPSAMD64_MICROSOFT-WINDOWS-OCSP
Ocspsvcctrs.hNot applicable1,56918-Jun-201315:06Not applicableSPSAMD64_MICROSOFT-WINDOWS-OCSP
Ocspsvcctrs.iniNot applicable2,91818-Jun-201315:06Not applicableSPSAMD64_MICROSOFT-WINDOWS-OCSP
Mrxsmb10.sys6.3.9600.18298284,67206-Apr-201618:19x64NoneNot applicable
Mrxsmb20.sys6.3.9600.18404201,72807-Jul-201622:33x64NoneNot applicable
Mrxsmb.sys6.3.9600.18298401,92006-Apr-201618:19x64NoneNot applicable
Bcryptprimitives.dll6.3.9600.18344340,88018-May-201622:28x86NoneNot applicable
Certcli.dll6.3.9600.18404324,09607-Jul-201620:06x86NoneNot applicable
Adtschema.dll6.3.9600.17415736,76829-Oct-201402:06x86NoneNot applicable
Msaudite.dll6.3.9600.17415154,11229-Oct-201402:06x86NoneNot applicable
Msobjs.dll6.3.9600.1638461,95222-Aug-201304:17x86NoneNot applicable

Windows Vista and Windows Server 2008 file information

Notes
  • The files that apply to a specific product, milestone (RTM, SPn), and service branch (LDR, GDR) can be identified by examining the file version numbers as shown in the following table:
    Version Product Milestone Service branch
    6.0.600 2.19xxxWindows Vista or Windows Server 2008SP2GDR
    6.0.600 2.23xxxWindows Vista or Windows Server 2008SP2LDR
  • GDR service branches contain only those fixes that are widely released to address widespread, critical issues. LDR service branches contain hotfixes in addition to widely released fixes.
  • The MANIFEST files (.manifest) and MUM files (.mum) that are installed are not listed.
For all supported ia64-based versions
File nameFile versionFile sizeDateTimePlatform
Advapi32.dll6.0.6002.195981,964,54406-Feb-201601:39IA-64
Advapi32.dll6.0.6002.239841,963,52009-Jul-201615:08IA-64
Bcrypt.dll6.0.6002.19500583,16822-Sep-201513:12IA-64
Bcrypt.dll6.0.6002.23810583,68007-Mar-201623:36IA-64
Ksecdd.sys6.0.6002.196551,030,37611-May-201613:10IA-64
Lsasrv.dll6.0.6002.196683,261,44011-Jul-201607:16IA-64
Lsasrv.mofNot applicable13,78003-Apr-200921:34Not applicable
Lsass.exe6.0.6002.1854117,92016-Nov-201114:10IA-64
Secur32.dll6.0.6002.19623202,75218-Mar-201616:34IA-64
Ksecdd.sys6.0.6002.239701,030,88811-May-201613:08IA-64
Lsasrv.dll6.0.6002.239843,266,56009-Jul-201615:09IA-64
Lsasrv.mofNot applicable13,78007-Mar-201623:37Not applicable
Lsass.exe6.0.6002.2398417,92009-Jul-201614:27IA-64
Secur32.dll6.0.6002.23984202,75209-Jul-201615:09IA-64
Ncrypt.dll6.0.6002.19623524,28818-Mar-201616:33IA-64
Ncrypt.dll6.0.6002.23984524,28809-Jul-201615:09IA-64
Rpcrt4.dll6.0.6002.195983,298,81606-Feb-201601:41IA-64
Rpcrt4.dll6.0.6002.239843,289,08809-Jul-201615:09IA-64
Wdigest.dll6.0.6002.19659482,81614-May-201615:31IA-64
Wdigest.dll6.0.6002.23984483,32809-Jul-201615:09IA-64
Msv1_0.dll6.0.6002.19431570,88027-Jun-201515:22IA-64
Msv1_0.dll6.0.6002.23984570,36809-Jul-201615:09IA-64
Schannel.dll6.0.6002.19375811,52030-Apr-201515:21IA-64
Schannel.dll6.0.6002.23984818,68809-Jul-201615:09IA-64
Mrxsmb10.sys6.0.6002.19431669,18427-Jun-201514:19IA-64
Mrxsmb10.sys6.0.6002.23984670,20809-Jul-201614:17IA-64
Mrxsmb20.sys6.0.6002.19431270,33627-Jun-201514:19IA-64
Mrxsmb20.sys6.0.6002.23984272,38409-Jul-201614:17IA-64
Mrxsmb.sys6.0.6002.19279323,07209-Jan-201500:12IA-64
Mrxsmb.sys6.0.6002.23984325,63209-Jul-201614:17IA-64
Bcrypt.dll6.0.6002.19500275,96818-Mar-201614:35x86
Bcrypt.dll6.0.6002.23810275,96809-Jul-201613:14x86
Lsasrv.mofNot applicable13,78008-Mar-201600:42Not applicable
Secur32.dll6.0.6002.1966877,31211-Jul-201607:02x86
Lsasrv.mofNot applicable13,78007-Mar-201623:37Not applicable
Secur32.dll6.0.6002.2398477,31209-Jul-201615:19x86
Rpcrt4.dll6.0.6002.19598679,42406-Feb-201602:12x86
Rpcrt4.dll6.0.6002.23984678,91209-Jul-201615:19x86
Wdigest.dll6.0.6002.19659175,61614-May-201615:41x86
Wdigest.dll6.0.6002.23984175,61609-Jul-201615:19x86
Msv1_0.dll6.0.6002.19431218,11227-Jun-201516:02x86
Msv1_0.dll6.0.6002.23984218,11209-Jul-201615:18x86
Schannel.dll6.0.6002.19375279,04030-Apr-201516:03x86
Schannel.dll6.0.6002.23984282,11209-Jul-201615:19x86
Advapi32.dll6.0.6002.19598802,30406-Feb-201602:11x86
Advapi32.dll6.0.6002.23984802,81609-Jul-201615:16x86
Ncrypt.dll6.0.6002.19623206,33618-Mar-201617:10x86
Ncrypt.dll6.0.6002.23984205,31209-Jul-201615:18x86
For all supported x86-based versions
File nameFile versionFile sizeDateTimePlatform
Advapi32.dll6.0.6002.19598802,30406-Feb-201602:11x86
Advapi32.dll6.0.6002.23984802,81609-Jul-201615:16x86
Bcrypt.dll6.0.6002.19500274,43218-Mar-201614:35x86
Bcrypt.dll6.0.6002.23810274,94409-Jul-201613:14x86
Ksecdd.sys6.0.6002.19655440,55211-May-201613:09x86
Lsasrv.dll6.0.6002.196681,260,03211-Jul-201607:00x86
Lsasrv.mofNot applicable13,78003-Apr-200921:30Not applicable
Lsass.exe6.0.6002.185419,72816-Nov-201114:12x86
Secur32.dll6.0.6002.1962372,70418-Mar-201617:10x86
Ksecdd.sys6.0.6002.23970440,55211-May-201613:07x86
Lsasrv.dll6.0.6002.239841,262,59209-Jul-201615:17x86
Lsasrv.mofNot applicable13,78007-Mar-201623:37Not applicable
Lsass.exe6.0.6002.239849,72809-Jul-201614:23x86
Secur32.dll6.0.6002.2398472,70409-Jul-201615:19x86
Ncrypt.dll6.0.6002.19623206,33618-Mar-201617:10x86
Ncrypt.dll6.0.6002.23984205,31209-Jul-201615:18x86
Rpcrt4.dll6.0.6002.19598783,87206-Feb-201602:12x86
Rpcrt4.dll6.0.6002.23984783,87209-Jul-201615:18x86
Wdigest.dll6.0.6002.19659175,61614-May-201615:41x86
Wdigest.dll6.0.6002.23984175,61609-Jul-201615:19x86
Msv1_0.dll6.0.6002.19431218,11227-Jun-201516:02x86
Msv1_0.dll6.0.6002.23984218,11209-Jul-201615:18x86
Schannel.dll6.0.6002.19375279,04030-Apr-201516:03x86
Schannel.dll6.0.6002.23984282,11209-Jul-201615:19x86
Mrxsmb10.sys6.0.6002.19431217,08827-Jun-201514:21x86
Mrxsmb10.sys6.0.6002.23984217,08809-Jul-201614:17x86
Mrxsmb20.sys6.0.6002.1943181,40827-Jun-201514:21x86
Mrxsmb20.sys6.0.6002.2398482,43209-Jul-201614:17x86
Mrxsmb.sys6.0.6002.19279107,00809-Jan-201500:17x86
Mrxsmb.sys6.0.6002.23984107,52009-Jul-201614:17x86
For all supported x64-based versions
File nameFile versionFile sizeDateTimePlatform
Advapi32.dll6.0.6002.195981,067,00806-Feb-201601:59x64
Advapi32.dll6.0.6002.239841,067,52009-Jul-201615:32x64
Bcrypt.dll6.0.6002.19500306,68822-Sep-201513:10x64
Bcrypt.dll6.0.6002.23810306,68807-Mar-201623:36x64
Ksecdd.sys6.0.6002.19655516,32811-May-201613:10x64
Lsasrv.dll6.0.6002.196681,690,11211-Jul-201607:26x64
Lsasrv.mofNot applicable13,78003-Apr-200921:33Not applicable
Lsass.exe6.0.6002.1854111,26416-Nov-201114:34x64
Secur32.dll6.0.6002.1962394,72018-Mar-201618:15x64
Ksecdd.sys6.0.6002.23970517,35211-May-201613:08x64
Lsasrv.dll6.0.6002.239841,693,69609-Jul-201615:34x64
Lsasrv.mofNot applicable13,78007-Mar-201623:37Not applicable
Lsass.exe6.0.6002.2398411,26409-Jul-201614:44x64
Secur32.dll6.0.6002.2398494,72009-Jul-201615:35x64
Ncrypt.dll6.0.6002.19623258,04818-Mar-201618:15x64
Ncrypt.dll6.0.6002.23984257,53609-Jul-201615:34x64
Rpcrt4.dll6.0.6002.195981,304,57606-Feb-201602:01x64
Rpcrt4.dll6.0.6002.239841,308,16009-Jul-201615:35x64
Wdigest.dll6.0.6002.19659205,82414-May-201615:54x64
Wdigest.dll6.0.6002.23984205,82409-Jul-201615:35x64
Msv1_0.dll6.0.6002.19431269,82427-Jun-201515:40x64
Msv1_0.dll6.0.6002.23984269,31209-Jul-201615:34x64
Schannel.dll6.0.6002.19375347,64830-Apr-201515:41x64
Schannel.dll6.0.6002.23984351,23209-Jul-201615:35x64
Mrxsmb10.sys6.0.6002.19431278,01627-Jun-201514:30x64
Mrxsmb10.sys6.0.6002.23984278,52809-Jul-201614:34x64
Mrxsmb20.sys6.0.6002.19431109,05627-Jun-201514:30x64
Mrxsmb20.sys6.0.6002.23984110,08009-Jul-201614:34x64
Mrxsmb.sys6.0.6002.19279136,19209-Jan-201500:28x64
Mrxsmb.sys6.0.6002.23984137,21609-Jul-201614:34x64
Bcrypt.dll6.0.6002.19500275,96818-Mar-201614:35x86
Bcrypt.dll6.0.6002.23810275,96809-Jul-201613:14x86
Lsasrv.mofNot applicable13,78008-Mar-201600:42Not applicable
Secur32.dll6.0.6002.1966877,31211-Jul-201607:02x86
Lsasrv.mofNot applicable13,78007-Mar-201623:37Not applicable
Secur32.dll6.0.6002.2398477,31209-Jul-201615:19x86
Rpcrt4.dll6.0.6002.19598679,42406-Feb-201602:12x86
Rpcrt4.dll6.0.6002.23984678,91209-Jul-201615:19x86
Wdigest.dll6.0.6002.19659175,61614-May-201615:41x86
Wdigest.dll6.0.6002.23984175,61609-Jul-201615:19x86
Msv1_0.dll6.0.6002.19431218,11227-Jun-201516:02x86
Msv1_0.dll6.0.6002.23984218,11209-Jul-201615:18x86
Schannel.dll6.0.6002.19375279,04030-Apr-201516:03x86
Schannel.dll6.0.6002.23984282,11209-Jul-201615:19x86
Advapi32.dll6.0.6002.19598802,30406-Feb-201602:11x86
Advapi32.dll6.0.6002.23984802,81609-Jul-201615:16x86
Ncrypt.dll6.0.6002.19623206,33618-Mar-201617:10x86
Ncrypt.dll6.0.6002.23984205,31209-Jul-201615:18x86
malicious attacker exploit
Properties

Article ID: 3167679 - Last Review: 09/15/2016 21:03:00 - Revision: 5.0

Windows Server 2012 R2 Datacenter, Windows Server 2012 R2 Standard, Windows Server 2012 R2 Essentials, Windows Server 2012 R2 Foundation, Windows 8.1 Enterprise, Windows 8.1 Pro, Windows 8.1, Windows Server 2012 Datacenter, Windows Server 2012 Standard, Windows Server 2012 Essentials, Windows Server 2012 Foundation, Windows Server 2008 R2 Service Pack 1, Windows 7 Service Pack 1, Windows Server 2008 Service Pack 2, Windows Vista Service Pack 2

  • atdownload kbbug kbexpertiseinter kbfix kbsecbulletin kbsecurity kbsecvulnerability KB3167679
Feedback
>