What’s New and Changed

Updated Documentation

Service Releases

The following documents were updated and have errata published for service releases after the April 2022 release for the Windows 11, version 22H2 operating system. See Windows Protocols Errata.

Specification | Description | Release Date

[MS-CRTD]: Certificate Templates Structure

Specifies the Certificate Templates Structure. This structure describes the syntax and interpretation of certificate templates, which form the basis of certificate management for the Certificate Templates Protocol.

Added a new enrollment-attribute flag, CT_FLAG_NO_SECURITY_EXTENSION, to the msPKI-Enrollment-Flag Attribute table. When this flag is set, it instructs the CA not to include the security extension szOID_NTDS_CA_SECURITY_EXT (OID 1.3.6.1.4.1.311.25.2), as specified in [MS-WCCE] sections 2.2.2.7.7.4 and 3.2.2.6.2.1.4.5.9, in the issued certificate. A behavior note was added to indicate that this enrollment flag is supported by the operating systems specified in [MSFT-CVE-2022-26931], each with its related KB article download installed.

May 2022

[MS-FSA]: File System Algorithms

Specifies File System Algorithms in terms of an abstract model for how an object store can be implemented to support the Server Message Block (SMB) Version 1.0 Protocol [MS-SMB] and the Server Message Block (SMB) Version 2.0 Protocol [MS-SMB2].

This document has been updated as follows:

Documented changes to the FSCTL_SET_INTEGRITY_INFORMATION_EX operation that take effect after installation of updates [MSKB-5014019], [MSKB-5014021], [MSKB-5014022], and [MSKB-5014023].

May 2022

[MS-FSCC]: File System Control Codes

Specifies the File System Control Codes that define the network format of native Windows structures that may be used within other protocols.

This document has been updated as follows:

Documented changes to the FSCTL_SET_INTEGRITY_INFORMATION_EX operation that take effect after installation of updates [MSKB-5014019], [MSKB-5014021], [MSKB-5014022], and [MSKB-5014023].

May 2022

[MS-MDM]: Mobile Device Management Protocol

Specifies the Mobile Device Management Protocol (MDM), a subset of the Open Mobile Association (OMA) standard protocol, which provides a mechanism for managing devices previously enrolled into a management system through the Microsoft Mobile Device Management Enrollment Protocol [MS-MDE].

This document has been updated as follows:

Section 3.2.5.1: Added a product note that support for user sessions on the Windows 11, version 22H2 operating system (version 2) multi-session edition, available only in Windows Virtual Desktop, was backported to Windows 11 (version 1).

May 2022

[MS-PKCA]: Public Key Cryptography for Initial Authentication (PKINIT) in Kerberos Protocol

Specifies the Public Key Cryptography for Initial Authentication (PKINIT) in Kerberos Protocol. This protocol enables the use of public key cryptography in the initial authentication exchange of the Kerberos Protocol (PKINIT) and specifies the Windows implementation of PKINIT where it differs from [RFC4556].

This document has been updated as follows:

●  Section 3.1.5.2.1.5, Mapping Strength: added a section describing how the KDC searches for strong mappings when mapping a certificate to a user.

●  Section 3.1.5.2.1.6, SID: added a section describing how the KDC finds strong user mappings by using the certificate SID.

May 2022

[MS-SMB2]: Server Message Block (SMB) Protocol Versions 2 and 3

Specifies the Server Message Block (SMB) Protocol Versions 2 and 3, which support the sharing of file and print resources between machines and extend the concepts from the Server Message Block Protocol.

This document has been updated as follows:

Added references to changes in the FSCTL_SET_INTEGRITY_INFORMATION_EX operation that take effect after installation of updates [MSKB-5014019], [MSKB-5014021], [MSKB-5014022], and [MSKB-5014023].

May 2022

[MS-WCCE]: Windows Client Certificate Enrollment Protocol

Specifies the Windows Client Certificate Enrollment Protocol, which consists of a set of DCOM interfaces that enable clients to request various services from a certification authority (CA). These services enable X.509 (as specified in [X509]) digital certificate enrollment, issuance, revocation, and property retrieval.

Created a new security extension and specified certification authority (CA) server processing rules for enhanced security protections. A new template enrollment flag assists in coordinating how the processing-rule security logic is applied. A behavior note was added to indicate that this security extension is supported by the operating systems specified in [MSFT-CVE-2022-26931], each with its related KB article download installed.

May 2022

Technical Document Release

The following technical documents were updated in April 2022 for Windows 11 v22H2.

Specification | Description | Release Date

[MS-ADTS]: Active Directory Technical Specification

Specifies the core functionality of Active Directory. Active Directory extends and provides variations of the Lightweight Directory Access Protocol (LDAP).

This document has been updated as follows:

●  Provided the ability to use LDAP limits to configure the maximum number of objects returned by the msds-TokenGroup* family of constructed attributes.

●  Enabled information about root and child domains in trusting Active Directory forests to be queried and stored in the existing msdsForestTrustInfo AD attribute; this information is then used for namespace filtering during NTLM pass-through authentication.

●  Checked the UserAccountControl attribute on computer objects and set the default to UF_WORKSTATION_TRUST_ACCOUNT; if the default is not set, the Add method returns ERROR_DS_SECURITY_ILLEGAL_MODIFY.

●  Included additional authorization checks for LDAP Add-object and Modify-object operations.

●  Included SPN alias uniqueness updates to facilitate domain-wide userPrincipalName (UPN) and servicePrincipalName (SPN) uniqueness checking.

All these features are supported in Windows 11 v22H2 and later operating systems.

April 2022

[MS-CDP]: Connected Devices Platform Protocol Version 3

Specifies the Connected Devices Platform Protocol Version 3. This protocol provides a discovery system to authenticate and verify users and devices, as well as providing a message exchange between devices. It provides a transport-agnostic means of building connections among all of a user's devices, whether available through the cloud or through direct physical presence.

This document has been updated as follows:

Added the PrincipalNameHash to the Presence Response UDP. PrincipalNameHash is a salted hash of the device ID and the logged-on user's account email.

April 2022

[MS-EFSR]: Encrypting File System Remote (EFSRPC) Protocol

Specifies the Encrypting File System Remote (EFSRPC) Protocol, which performs maintenance and management operations on encrypted data that is stored remotely and accessed over a network.

This document has been updated as follows:

Added product behavior notes throughout to indicate that the lsarpc endpoint has been removed in Windows 11 v22H2 and later.

April 2022

[MS-FASP]: Firewall and Advanced Security Protocol

Specifies the Firewall and Advanced Security Protocol. The protocol manages firewall and advanced security components on remote computers.

This document has been updated as follows:

●  Updated operating system applicability in product behavior note <4> to specify support of the Dynamic Keyword Addresses feature in Windows 11 v22H2 and the Windows Server 2022 operating system.

●  Added a new Firewall rule enforcement state representing detection of duplicate Firewall rules, so that object policies already enforced by the server are not duplicated.

●  Updated the Firewall Policy version table and the policy listing in the text to include policy v2.32 (0x0220), coinciding with the release of the Windows 11 v22H2 operating system.

April 2022

[MS-MDE2]: Mobile Device Enrollment Protocol Version 2

Specifies version 2 of the Mobile Device Enrollment Protocol (MDE), which enables enrolling a device with the DMS through an Enrollment Service (ES). The protocol includes the discovery of the Management Enrollment Service (MES) and enrollment with the ES.

This document has been updated as follows:

Updated to version 5.0 with the following elements for this version of Windows Client:

●  Added a new product value to the OSEdition Enumeration for MS-MDM Windows Azure.

●  Added value 5.0 to RequestVersion for DiscoveryRequest.

●  Added value 5.0 to EnrollmentVersion for DiscoveryResponse.

●  Added two new child elements to the GetPoliciesResponse.

●  Added seven new ac: elements to the RequestSecurityToken using Federated Authentication.

●  Added seven new ac: elements to the RequestSecurityToken using On-Premise Authentication.

●  Added new Certificate Recovery section 3.6 with subsections.

●  Updated the RequestVersion number in the Discovery input message example.

●  Updated the EnrollmentVersion number in the Discovery output message.

●  Updated the code for the call to the RequestSecurityToken message example.

April 2022

[MS-MDM]: Mobile Device Management Protocol

Specifies the Mobile Device Management Protocol (MDM), a subset of the Open Mobile Association (OMA) standard protocol, which provides a mechanism for managing devices previously enrolled into a management system through the Microsoft Mobile Device Management Enrollment Protocol [MS-MDE].

This document has been updated as follows:

●  Azure Details – contains the following:

    ●  Message Processing Events and Sequencing Rules

    ●  Windows Azure Virtual Desktop (AVD) for Multi-users' User Setting Configuration: AVD supports multiple users that can log on simultaneously.

    ●  Device Session vs. User Session: the session mode (mixed, device, or user) governs which settings can be sent or received.

    ●  Azure AD Join: MDM supports only AADJ enrollment in AVD with the user token.

    ●  SyncApplicationVersion: version 5.0 allows the client to run in multi-user AVD mode.

    ●  MultipleSession Poll Interval: intervals set by the MDM server are specified by the DM Client CSP.

    ●  SyncType Alert: alert type 1224 CLIENT EVENT data carries the session mode that the MDM server should send.

April 2022

[MS-RDPBCGR]: Remote Desktop Protocol: Basic Connectivity and Graphics Remoting

Specifies the Remote Desktop Protocol: Basic Connectivity and Graphics Remoting, designed to facilitate user interaction with a remote computer system by transferring graphics display information from the remote computer to the user and transporting input from the user to the remote computer, where it may be injected locally.

This document has been updated as follows:

●  Added values for the version fields for RDP versions 10.10 and 10.11 for both clients and servers.

●  Documented new capabilities flags for the client or server to show it can skip the MCS Channel Join in the Channel Connection phase. Processing rules updated for handling the new flags.

April 2022

[MS-RDPEAI]: Remote Desktop Protocol: Audio Input Redirection Virtual Channel Extension

Specifies the Remote Desktop Protocol: Audio Input Redirection Virtual Channel Extension, which transfers audio data from a client to a server.

This document has been updated as follows:

A value has been added to the Version PDU to indicate Version 2 of the protocol. Processing rules were updated for the new value.

April 2022

[MS-RDPEGFX]: Remote Desktop Protocol: Graphics Pipeline Extension

Specifies the Remote Desktop Protocol: Graphics Pipeline Extension, a graphics protocol that is used to encode graphics display data generated in a remote terminal server session so that the data can be sent from the server and received, decoded, and rendered by a compatible client. The net effect is that a desktop or an application running on a remote terminal server appears as if it is running locally.

This document has been updated as follows:

Added a new capability set and provided processing rules for the new set.

April 2022

[MS-WUSP]: Windows Update Services: Client-Server Protocol

Specifies the Windows Update Services: Client-Server Protocol, which enables machines to discover and download software updates over the Internet using the SOAP and HTTP protocols.

This document has been updated as follows:

●  Improved the gathering of metadata describing software update content, including the identification of software revisions, installed hardware devices, update relationships, and client metadata, in Windows update scenarios by:

    ●  Adding DeviceFlags to the SyncUpdates parameters to more easily detect and distinguish PNP versus non-PNP devices when gathering client device metadata.

    ●  Adding the DriverRank element to ensure uniformity with the base installed driver type of a device to determine how well a driver package matches the device.

    ●  Adding the callerAttributes element to optimize client/server communications by aligning the core metadata for a software revision obtained from the SyncUpdates method with additional metadata obtained from the GetExtendedUpdateInfo2 method, by sending callerAttributes in both calls.

These features are supported by Windows 11 v22H2 and later.

April 2022

Content Updates

The following documents were republished in April 2022 to incorporate previous servicing release updates and/or other content issues.

Specification | Content Updates

●  [MS-BKRP]: BackupKey Remote Protocol - List of Changes

●  [MS-CMRP]: Failover Cluster: Management API (ClusAPI) Protocol - List of Changes

●  [MS-DTYP]: Windows Data Types - List of Changes

●  [MS-EMF]: Enhanced Metafile Format - List of Changes

●  [MS-FSA]: File System Algorithms - List of Changes

●  [MS-FSCC]: File System Control Codes - List of Changes

●  [MS-KILE]: Kerberos Protocol Extensions - List of Changes

●  [MS-LSAD]: Local Security Authority (Domain Policy) Remote Protocol - List of Changes

●  [MS-NBTE]: NetBIOS over TCP (NBT) Extensions - List of Changes

●  [MS-NCNBI]: Network Controller Northbound Interface - List of Changes

●  [MS-NLMP]: NT LAN Manager (NTLM) Authentication Protocol - List of Changes

●  [MS-NRPC]: Netlogon Remote Protocol - List of Changes

●  [MS-PAC]: Privilege Attribute Certificate Data Structure - List of Changes

●  [MS-RPRN]: Print System Remote Protocol - List of Changes

●  [MS-RSVD]: Remote Shared Virtual Disk Protocol - List of Changes

●  [MS-SAMR]: Security Account Manager (SAM) Remote Protocol (Client-to-Server) - List of Changes

●  [MS-SCMR]: Service Control Manager Remote Protocol - List of Changes

●  [MS-SMB2]: Server Message Block (SMB) Protocol Versions 2 and 3 - List of Changes

●  [MS-SPNG]: Simple and Protected GSS-API Negotiation Mechanism (SPNEGO) Extension - List of Changes

●  [MS-VHDX]: Virtual Hard Disk v2 (VHDX) File Format - List of Changes

●  [MS-WDHCE]: Wi-Fi Display Protocol: Hardware Cursor Extension - List of Changes

●  [MS-WKST]: Workstation Service Remote Protocol - List of Changes

Reference Document Release

The following reference document was updated in November 2021.

Specification | Description | Release Date

[MS-ERREF]: Windows Error Codes

Describes the HRESULT values, Win32 error codes, and NTSTATUS values that are referenced in the protocol specifications throughout the Windows protocols documentation set.

This document has been updated as follows:

Expanded the description of the CERT_E_REVOKED error value to include information about device drivers with invalid certificates.

November 2021

Overview Documents Release

The following overview documents were updated in October 2021 for Windows 11.

Specification | Description | Release Date

[MS-AUTHSOD]: Authentication Services Protocols Overview

Provides an overview of the functionality and relationship of the protocols in the Authentication Services protocols. The Authentication Services protocols verify the identity of users, computers, and services through the interactive logon and network logon authentication processes. Once authenticated, these entities can be authorized to access network resources securely. The Windows client and server operating systems implement a set of authentication protocol standards, such as Kerberos [RFC4120], and their extensions, such as [MS-KILE], as part of an extensible architecture consisting of security support provider (SSP) security packages.

This document has been updated as follows:

●  Updated TLS diagram with RFCs for TLS 1.3, TLS extensions, elliptic curves, and cipher suites.

●  Added TLS Version 1.3 with reference to [RFC8446].

●  Added Windows 11 to the applicability list.

October 2021

[MS-WPO]: Windows Protocols Overview

Provides an overview of the Windows interoperability technologies and the protocols required for implementation. It also describes the intended functionality of the Windows interoperability protocols and technologies and provides examples of common user scenarios.

This document has been updated as follows:

●  Added references to [RFC5246] TLS v1.2 and [RFC8446] TLS v1.3.

●  Added Windows 11 to the applicability list.

October 2021