Thursday, October 1, 2009

SP2: Security (1 of 2)






1) 967696. Hotfix. The memory usage of the Windows Server 2008 Active Directory Certificate Services (Certsrv.exe) may keep increasing when third-party plug-ins are installed and certificate requests are rejected.  http://support.microsoft.com/kb/967696

2) 967170. Hotfix. Windows Vista and Windows Server 2008 do not correctly audit all the privilege use events.  http://support.microsoft.com/kb/967170

3) 966329. Hotfix. Windows Server 2008 Certificate Services (ADCS) does not start, and error code 0x80070057 is generated when ADCS is reinstalled by using the "use existing keys" option in Windows Server 2008.  http://support.microsoft.com/kb/966329

4) 963046. Hotfix. When you use the Encrypting File System (EFS) to encrypt files, some files are not fully encrypted in Windows Vista or in Windows Server 2008.  http://support.microsoft.com/kb/963046

5) 961403. Hotfix. After the Active Directory RMS role is decommissioned on a Windows Server 2008-based server, users cannot open documents that IRM helps protect.  http://support.microsoft.com/kb/961403

6) 961120. Hotfix. When you enable the "Encrypt the Offline Files cache" policy setting, multiple EFS certificates may be generated when you log on to the domain from multiple Windows Vista-based or Windows Server 2008-based client computers.  http://support.microsoft.com/kb/961120

7) 961099. Hotfix. An application that uses Windows NT security event log APIs cannot read the description of an event log message from a computer that is running Windows Vista or Windows Server 2008.  http://support.microsoft.com/kb/961099

8) 960830. Hotfix. The password is not set as expected when you use the Ktpass.exe tool that is included with a 64-bit version of Windows Server 2008 to create a Kerberos keytab file.  http://support.microsoft.com/kb/960830

9) 960809. Hotfix. The Windows Server 2008 Online Certificate Status Protocol (OCSP) responder does not work with signing certificates that do not use the SHA1 algorithm.  http://support.microsoft.com/kb/960809

10) 960549. Hotfix. Some third-party Online Certificate Status Protocol (OCSP) clients may reject a response from an OSCP responder if this OCSP responder receives a Response Signing certificate from a Windows Server 2008 certification authority.  http://support.microsoft.com/kb/960549

11) 960375. Hotfix. You receive an ERROR_HANDLE_NOT_CLOSABLE error code and the Lsass.exe process crashes when an application calls the LsaLogonUser function together with the KERB_TICKET_LOGON structure in Windows Server 2008 and Windows Vista SP1.  http://support.microsoft.com/kb/960375

12) 960225. Security. MS09-007: Vulnerability in SChannel could allow spoofing.  http://support.microsoft.com/kb/960225

13) 959887. Hotfix. You cannot use a smart card certificate to log on to a domain from a Windows Vista-based client computer.  http://support.microsoft.com/kb/959887

14) 959517. Hotfix. Windows Server 2008 Key Distribution Center (KDC) rejects a TGS request after the TGT is renewed.  http://support.microsoft.com/kb/959517

15) 959406. Hotfix. The smart card personal identification number (PIN) dialog box does not appear in the foreground of the desktop when you enroll a smart card certificate in Windows Vista Service Pack 1 or Windows Server 2008.  http://support.microsoft.com/kb/959406

16) 959193. Hotfix. Two improvements are available that shorten the time that is required to manage SCEP certificates by using the Network Device Enrollment Service in Windows Server 2008.  http://support.microsoft.com/kb/959193

17) 959052. Hotfix. The FQDN option does not appear in the Subject name format list in the Certificate Templates console.  http://support.microsoft.com/kb/959052

18) 958900. Hotfix. Error message when you try to unlock a Windows Vista-based or a Windows Server 2008-based computer that has the Fast User Switching feature disabled: "The password for this account has expired".  http://support.microsoft.com/kb/958900

19) 957656. Hotfix. Error message when you log on to a Windows Vista-based or Windows Server 2008-based computer that has the "Allow user name hint" Group Policy setting enabled: "The specified username is invalid".  http://support.microsoft.com/kb/957656

20) 957441. Hotfix. Client connections return a "STATUS_INVALID_PARAM" error code when you use a "Send NTLMv2 response only" authentication level in Windows Server 2008 or in Windows Vista.  http://support.microsoft.com/kb/957441

21) 956580. Hotfix. You cannot enroll for a certificate that is larger than 4096 bits on an SCEP client in Windows Server 2008.  http://support.microsoft.com/kb/956580

22) 956544. Hotfix. When you enroll a certificate on a computer that is running Windows Vista or that is running Windows Server 2008, you are prompted to insert a smart card even though a smart card is already inserted.  http://support.microsoft.com/kb/956544

23) 956333. Hotfix. Certificate Web Enrollment Pages do not support Windows Mobile devices when they are released on computers that are running Windows Server 2008 or Windows Server 2003 and that have Certificate Services installed.  http://support.microsoft.com/kb/956333

24) 955805. Hotfix. Certain applications become very slow on a Windows Server 2008-based or Windows Vista SP1-based computer when a certificate with the SIA extension is installed.  http://support.microsoft.com/kb/955805

25) 955558. Hotfix. You cannot use a smart card certificate to log on to a domain from a Windows Vista-based or a Windows Server 2008-based client computer.  http://support.microsoft.com/kb/955558


No comments: