Microsoft re-release of KB973811 - attacks on Extended Protection for Authentication
Yesterday Microsoft re-released KB973811 ==> http://www.microsoft.com/technet/security/advisory/973811.mspx
This relates back to the original KB973917 ==> http://support.microsoft.com/kb/973917
and advisory MS09-071 ==> http://www.microsoft.com/technet/security/bulletin/ms09-071.mspx
This affects the Extended Protection for Authentication functions within XP, Vista and Server 2003 ==> http://support.microsoft.com/kb/968389
It didn't show up in yesterday's Patch Tuesday review because Microsoft is classifying it as a "non-security upgrade". This is confusing to me, because the update actually includes mitigation against a credential forwarding attack, which you might see on an unencrypted, unsigned connection (yes, there's still a lot of that going around!).
This update affects XP, Vista and Server 2003. Windows 7 and Server 2008 R2 are not affected.
Thanks to our readers for letting us know about this one. I'm still puzzled as to why this wasn't on Microsoft's list of security updates...
=============== Rob VandenBrink Metafore ===============