Sign in with Microsoft
Sign in or create an account.
Hello,
Select a different account.
You have multiple accounts
Choose the account you want to sign in with.

Support for Windows Vista Service Pack 1 (SP1) ends on July 12, 2011. To continue receiving security updates for Windows, make sure you're running Windows Vista with Service Pack 2 (SP2). For more information, refer to this Microsoft web page: Support is ending for some versions of Windows.

INTRODUCTION

Microsoft has released security advisory 973811. To view the complete security advisory, visit the following Microsoft website:

http://www.microsoft.com/technet/security/advisory/973811.mspx

How to obtain help and support for this security update


Help installing updates:
Support for Microsoft Update

Security solutions for IT professionals:
TechNet Security Troubleshooting and Support

Help protect your computer that is running Windows from viruses and malware:
Virus Solution and Security Center

Local support according to your country:
International Support

More Information

How do I configure .NET to utilize Extended Protection for Authentication?

Here are the steps for enabling Extended Protection for the Microsoft .NET Framework 2.0 Service Pack 2, .NET Framework 3.0 Service Pack 2, and .NET Framework 3.5 SP1.

For .NET Framework 2.0 Service Pack 2 (Network Class Library)

Extended protection can be turned on by setting properties on HttpListener. For more information, visit the following Microsoft MSDN websites:

HttpListener.ExtendedProtectionPolicy
HttpListener.ExtendedProtectionSelectorDelegate
HttpListener.DefaultServiceNamesIf NegotiateStream is used, then the appropriate overloads of [Begin]AuthenticateAsServer and [Begin]AuthenticateAsClient need to be used: For more information, visit the following Microsoft MSDN websites:

http://msdn.microsoft.com/en-us/library/dd413524(v=VS.100).aspx
http://msdn.microsoft.com/en-us/library/dd413526(v=VS.100).aspx
http://msdn.microsoft.com/en-us/library/dd413525(v=VS.100).aspx
http://msdn.microsoft.com/en-us/library/dd413527(v=VS.100).aspx


In addition to the recommendations in these Microsoft websites, follow these steps:

  1. On the client side, install the Extended Protection for Authentication update for Security Support Provider Interface (SSPI). This update changes SSPI to improve Windows authentication. Additionally, this update prevents credentials from being forwarded. After you install this update, you must implement the registry settings that are described in Microsoft Knowledge Base (KB) article 968389 to enable extended protection.

    For more information, click the following article number to view the article in the Microsoft Knowledge Base:

    968389Extended Protection for Authentication

  2. On the server side, install the Extended Protection for Authentication update for the HTTP Protocol Stack.

For .NET Framework 2.0 Service Pack 2 (ASP.NET)

No special action is required in order to use Extended Protection.

For .NET Framework 3.0 Service Pack 2 (WCF)

To enable the Extended Protection for Authentication feature in WCF, follow these steps: To do this, follow these steps:

  1. On the client side, install the Extended Protection for Authentication update for Security Support Provider Interface (SSPI). This update changes SSPI to improve Windows authentication. Additionally, this update prevents credentials from being forwarded. After you install this update, you must implement the registry settings that are described in Microsoft Knowledge Base (KB) article 968389 to enable extended protection.

    For more information, click the following article number to view the article in the Microsoft Knowledge Base:

    968389Extended Protection for Authentication

  2. On the server side, install the Extended Protection for Authentication update for the HTTP Protocol Stack.

  3. Install the Extended Protection for Authentication update for Internet Information Services (IIS) when IIS is installed.



    After you install the update, follow the instructions in KB article 973917 to configure extended protection in IIS.


    For more information, click the following article numbers to view the article in the Microsoft Knowledge Base:

    973917Description of the update that implements Extended Protection for Authentication in Internet Information Services (IIS)

    970430
    Description of the update that implements Extended Protection for Authentication in the HTTP Protocol Stack (http.sys)

  4. Use the ExtendedProtectionPolicy class in WCF to represent the extended protection policy that the server uses to validate incoming client connections. The class can be applied only when the security mode is set to Transport mode or to TransportWithMessageCredential mode. The following is a sample code that shows the configuration in a binding element of a service config file:

    <binding>
    ……………
    <security mode="Transport">
    <transport ……………>
    <extendedProtectionPolicy policyEnforcement ="WhenSupported"/>
    </transport >
    </security>
    </binding>

    For more information about the Extended Protection for Authentication feature, visit the following Microsoft TechNet website:


    Extended Protection for Authentication






For more configuration information, click the following article numbers to view the articles in the Microsoft Knowledge Base:

Article number

Article title

982532

Description of the rollup update for the .NET Framework 3.5 Service Pack 1 on Windows Vista Service Pack 1 and on Windows Server 2008 Service Pack 1 (976767 and 980843): June 8, 2010

982533

Description of the rollup update for the .NET Framework 3.5 Service Pack 1 on Windows Vista Service Pack 2 and on Windows Server 2008 Service Pack 2 (976768 and 980842): June 8, 2010

982535

Description of the rollup update for the .NET Framework 3.5 Service Pack 1 on Windows Vista Service Pack 1 and on Windows Server 2008 Service Pack 1 (976767, 980843, and 976771): June 8, 2010

982536

Description of the rollup update for the .NET Framework 3.5 Service Pack 1 on Windows Vista Service Pack 2 and on Windows Server 2008 Service Pack 2 (976768, 980842, and 976772): June 8, 2010

982167

Description of the rollup update for the .NET Framework 3.5 Service Pack 1 and the .NET Framework 2.0 Service Pack 2 on Windows XP and on Windows Server 2003 (976765 and 980773): June 8, 2010

982168

Description of the rollup update for the .NET Framework 3.5 Service Pack 1 on Windows XP and on Windows Server 2003 (976765, 980773 and 976769): June 8,

2262911

"Could not load type 'System.Security.Authentication.ExtendedProtection.ExtendedProtectionPolicy'" exception error after you install update 982167 or update 982168

Known Issues

For more information about known issues with this software, click the following article number to view the article in the Microsoft Knowledge Base:



Article number

Article title

2197146

Updates for the .NET Framework 3.5 Service Pack 1 and the .NET Framework 2.0 Service Pack 2 may cause the Microsoft Knowledge Base article number to appear instead of the full title of the update in the Add or Remove Programs item in Control Panel

Need more help?

Want more options?

Explore subscription benefits, browse training courses, learn how to secure your device, and more.

Communities help you ask and answer questions, give feedback, and hear from experts with rich knowledge.

Was this information helpful?

What affected your experience?
By pressing submit, your feedback will be used to improve Microsoft products and services. Your IT admin will be able to collect this data. Privacy Statement.

Thank you for your feedback!

×