What’s New and Changed

Updated Documentation

Service Releases

The following documents were updated and have errata published for service releases after the May 2021 release for Windows 10 v2106. See Windows Protocols Errata.

Specification | Description | Release Date

[MS-EFSR]: Encrypting File System Remote (EFSRPC) Protocol

Specifies the Encrypting File System Remote (EFSRPC) Protocol, which performs maintenance and management operations on encrypted data that is stored remotely and accessed over a network.

This document has been updated as follows:

●  Added new reference to Windows LSA Spoofing Vulnerability [MSFT-CVE-2021-36942].

●  Added a product note referencing the Windows LSA Spoofing Vulnerability [MSFT-CVE-2021-36942], stating that the EfsRpcOpenFileRaw method returns the error code ERROR_ACCESS_DENIED when called over the \pipe\lsarpc endpoint, and listing the applicable products.

August 2021

[MS-MDE2]: Mobile Device Enrollment Protocol Version 2

Specifies version 2 of the Mobile Device Enrollment Protocol (MDE), which enables enrolling a device with the DMS through an Enrollment Service (ES). The protocol includes the discovery of the Management Enrollment Service (MES) and enrollment with the ES.

This document has been updated as follows:

Updated product behavior notes with product version support for the following features:

●  RequestSecurityToken using Federated Authentication

●  RequestSecurityToken using Certificate Authentication

●  RequestSecurityToken using On-Premise Authentication

August 2021

[MS-PKCA]: Public Key Cryptography for Initial Authentication (PKINIT) in Kerberos Protocol

Specifies the Public Key Cryptography for Initial Authentication (PKINIT) in Kerberos Protocol. This protocol enables the use of public key cryptography in the initial authentication exchange of the Kerberos Protocol (PKINIT) and specifies the Windows implementation of PKINIT where it differs from [RFC4556].

This document has been updated as follows:

●  Removed references to RC2 encryption mode rc2-cbc.

●  Added reference to the security update Windows Key Distribution Center Information Disclosure Vulnerability [MSFT-CVE-2021-33764].

August 2021

[MS-WUSP]: Windows Update Services: Client-Server Protocol

Specifies the Windows Update Services: Client-Server Protocol, which enables machines to discover and download software updates over the Internet using the SOAP and HTTP protocols.

This document has been updated as follows:

●  Updated ClientBehaviors element product applicability.

●  Added the GeoId property to the Request XML as part of the GetExtendedUpdateInfo method.

●  Provided definition of the GeoId property.

●  Updated region information in the Metadata Table by adding the GeoId element and description to the Eula entry.

●  Added and updated product behavior notes to indicate operating systems that support the GeoId property via feature backports to those systems.

August 2021

[MS-OAPXBC]: OAuth 2.0 Protocol Extensions for Broker Clients

Specifies the OAuth 2.0 Protocol Extensions for Broker Clients, extensions to [RFC6749] (The OAuth 2.0 Authorization Framework) that allow a broker client to obtain access tokens on behalf of calling clients.

This document has been updated as follows:

●  Updated this protocol to support client use of KDF version 2 (KDFv2).

●  Added server and client processing directions for KDFv2.

●  Added a behavior note on KDF version 2 support for the Windows Azure AD Security Feature Bypass Vulnerability [MSFT-CVE-2021-33781], listing the relevant KB articles and operating systems.

July 2021

[MS-OIDCE]: OpenID Connect 1.0 Protocol Extensions

Specifies the OpenID Connect 1.0 Protocol Extensions. These extensions define additional claims to carry information about the end user, including the user principal name, a locally unique identifier, a time for password expiration, and a URL for password change. These extensions also define additional provider metadata that enable the discovery of the issuer of access tokens and give additional information about provider capabilities.

This document has been updated as follows:

●  Updated to support server and client use of KDF version 2 (KDFv2).

●  Added a behavior note on KDF version 2 support for the Windows ADFS Security Feature Bypass Vulnerability [MSFT-CVE-2021-33779], listing the relevant KB articles and operating systems.

July 2021

[MS-SAMR]: Security Account Manager (SAM) Remote Protocol (Client-to-Server)

Specifies the Security Account Manager (SAM) Remote Protocol, which supports management functionality for an account store or directory containing users and groups. The goal of the protocol is to enable IT administrators and users to manage users, groups, and computers.

This document has been updated as follows:

●  Updated the document to describe the AES encryption capabilities recently added to the MS-SAMR protocol.

●  Added a behavior note for the Windows Security Account Manager Remote Protocol Security Feature Bypass Vulnerability [MSFT-CVE-2021-33757] covering the Windows operating systems to which the capability is backported.

●  Added a behavior note indicating the backported updates for the Windows Security Account Manager Remote Protocol Security Feature Bypass Vulnerability [MSFT-CVE-2021-33757], which make Advanced Encryption Standard (AES) encryption the preferred method for changing or setting account passwords over the MS-SAMR protocol on Windows clients when the SAM server supports AES.

July 2021

[MS-DCOM]: Distributed Component Object Model (DCOM) Remote Protocol

Specifies the Distributed Component Object Model (DCOM) Remote Protocol, which exposes application objects via remote procedure calls (RPCs) and consists of a set of extensions layered on the Microsoft Remote Procedure Call Extensions.

This document has been updated as follows:

●  Replaced existing authentication level constant 'RPC_C_AUTHN_LEVEL_CONNECT' with higher authentication level constant 'RPC_C_AUTHN_LEVEL_PKT_INTEGRITY' in behavior notes.

●  Created list of applicable products for which the updated feature is backported.

June 2021

[MS-EVEN]: EventLog Remoting Protocol

Specifies the EventLog Remoting Protocol, which exposes the RPC methods for reading events in both live and backup event logs on remote computers.

This document has been updated as follows:

●  Updated authentication level description and processing for client and server.

●  Added behavior note for Windows NTLM Elevation of Privilege Vulnerability security update June 2021 [MSFT-CVE-2021-31958] with product applicability list.

June 2021

[MS-EVEN6]: EventLog Remoting Protocol Version 6.0

Specifies the EventLog Remoting Protocol Version 6.0, which exposes RPC methods for reading events in both live and backup event logs on remote computers. This protocol was originally made available for Windows Vista.

This document has been updated as follows:

●  Updated authentication level description and processing for client and server.

●  Added behavior note for Windows NTLM Elevation of Privilege Vulnerability security update June 2021 [MSFT-CVE-2021-31958] with product applicability list.

June 2021

Overview Documents Release

The following overview documents were updated in October 2021 for Windows 11.

Specification | Description | Release Date

[MS-AUTHSOD]: Authentication Services Protocols Overview

Provides an overview of the functionality and relationship of the protocols in the Authentication Services protocols. The Authentication Services protocols verify the identity of users, computers, and services through the interactive logon and network logon authentication processes. Once authenticated, these entities can be authorized to access network resources securely. The Windows client and server operating systems implement a set of authentication protocol standards, such as Kerberos [RFC4120], and their extensions, such as [MS-KILE], as part of an extensible architecture consisting of security support provider (SSP) security packages.

This document has been updated as follows:

●  Updated TLS diagram with RFCs for TLS 1.3, TLS extensions, elliptic curves, and cipher suites.

●  Added TLS Version 1.3 with reference to [RFC8446].

●  Added Windows 11 to the applicability list.

October 2021

[MS-WPO]: Windows Protocols Overview

Provides an overview of the Windows interoperability technologies and the protocols required for implementation. It also describes the intended functionality of the Windows interoperability protocols and technologies and provides examples of common user scenarios.

This document has been updated as follows:

●  Added references to [RFC5246] TLS v1.2 and [RFC8446] TLS v1.3.

●  Added Windows 11 to the applicability list.

October 2021

Technical Documents Release

The following technical document was updated in October 2021 for Windows 10 v21H2.

Specification | Description | Release Date

[MS-RPRN]: Print System Remote Protocol

Specifies the Print System Remote Protocol, which defines the communication of print job processing and print system management between a print client and a print server.

This document has been updated as follows:

●  Updated to support server and client use of _DRIVER_INFO, _FORM_INFO, _JOB_INFO, _MONITOR_INFO, _PORT_INFO and _PRINTER_INFO for XcvData.

October 2021

Content Updates

The following documents were updated in October 2021 to fix content issues.

Specification | Content Updates

●  [MS-FSA]: File System Algorithms | List of Changes

●  [MS-NCNBI]: Network Controller Northbound Interface | List of Changes

●  [MS-SMB2]: Server Message Block (SMB) Protocol Versions 2 and 3 | List of Changes

●  [MS-SRVS]: Server Service Remote Protocol | List of Changes

●  [MS-WCCE]: Windows Client Certificate Enrollment Protocol | List of Changes

●  [MS-WUSP]: Windows Update Services: Client-Server Protocol | List of Changes