Windows Vista SP1 Detailed Changes (Changelog)
Security Improvements
- Windows Vista SP1 includes all previously released Security Bulletin fixes which affect Windows Vista.
- SP1 includes Secure Development Lifecycle process updates, where Microsoft identifies the root cause of each security bulletin and improves our internal tools to eliminate code patterns that could lead to future vulnerabilities.
- Service Pack 1 includes supported APIs by which third-party security and malicious software detection applications can work alongside Kernel Patch Protection on 64-bit versions of Windows Vista. These APIs have been designed to help security and non-security ISVs develop software that extends the functionality of the Windows kernel on 64-bit systems, in a documented and supported manner, and without disabling or weakening the protection offered by Kernel Patch Protection.
- Improves the security of running RemoteApp™ programs and desktops by allowing RDP files to be signed. Administrators now have the control to differentiate the user experience based on the publisher’s identity.
- Data Execution Protection (DEP) is a memory-protection feature available beginning with Windows XP and Server 2003. SP1 improves security with a new set of Win32 APIs to allow programmatic control over a process’s DEP policy. This will provide application developers with finer control on a process’s DEP settings for security, testability, compatibility, and reliability.
- Improves the trustworthiness of data presented in Windows Security Center (WSC) by ensuring that only authenticated security applications can communicate with WSC.
- Improves security on wired networks by enabling single sign on (SSO) for authenticated wired networks. The single sign on experience presents the user with a single point of credential entry rather than being double prompted for local and network logon.
- For customers upgrading from Windows XP to Windows Vista SP1, the MSRT (Malicious Software Removal Tool) will not run as part of the upgrade. Rather, the up-to-date MSRT offered monthly by Windows Update will help protect PCs.
- Cryptographic random number generation is improved: it gathers seed entropy from more sources, including a Trusted Platform Module (TPM) when available, and the general purpose pseudo-random number generator (PRNG) is replaced with an AES-256 counter mode PRNG for both user and kernel mode.
- Improves security in smart card scenarios:
  - Introduction of a new PIN channel to securely collect smart card PINs via a PC. This new capability mitigates a number of attacks that today would require using an external PIN reader to prevent.
  - Enables smart cards that use biometric authentication instead of a PIN.
- Improves security over the Teredo interface by blocking unsolicited traffic by default. This has already been addressed in a Security Update for Windows Vista (KB935807).
- Improves BitLocker Drive Encryption by offering an additional multi-factor authentication method that combines a key protected by the TPM (Trusted Platform Module) with a Startup Key stored on a USB storage device and a user-generated Personal Identification Number (PIN).
- Enhances BitLocker encryption support to cover volumes other than bootable volumes in Windows Vista (for Enterprise and Ultimate SKUs).
- Improves the OCSP (Online Certificate Status Protocol) implementation such that it can be configured to work with OCSP responses that are signed by trusted OCSP signers, separate from the issuer of the certificate being validated.
- Enables a standard user to invoke the CompletePC Backup application, provided that user can supply administrator credentials. Previously, only administrators could launch the application.
- The Remote Desktop client in Windows Vista SP1 provides user interface improvements for user and server authentication. The RDP client streamlines the multiple steps end users must follow to provide their credentials to Windows Server 2003 (or earlier) Terminal Servers, and simplifies the management of previously saved credentials.
Support for New Technologies and Standards
- Adds support for new strong cryptographic algorithms used in IPsec: SHA-256, AES-GCM, and AES-GMAC for ESP and AH; ECDSA, SHA-256, and SHA-384 for IKE and AuthIP.
- Adds the NIST SP 800-90 Elliptic Curve Cryptography (ECC) pseudo-random number generator (PRNG) to the list of available PRNGs in Windows Vista.
- Adds support for SSTP (Secure Sockets Tunnel Protocol), a remote access VPN tunneling protocol that will be part of Microsoft’s RRAS (Routing and Remote Access Service) platform. SSTP helps provide full-network VPN remote access connections over SSL, removing some of the VPN connectivity challenges that other VPN tunnels face traversing NAT, web proxies, and firewalls.
- Adds full support for the latest IEEE draft of 802.11n wireless networking.
- Adds support for obtaining identity and invoking identity UI from an inner method via a new EAPHost runtime API, as well as a configuration UI for tunnel methods. These APIs are useful for developers working on tunneling/multi-phased EAP authentication methods as well as those who implement networking supplicants which consume EAP authentications.
- Adds support for Windows Smartcard Framework to enable compliance with the EU Digital Signature Directive and National ID / eID.
- Adds support for the Parental Controls Games Restrictions for ratings from the Korean Game Rating Board (GRB).
- Enhances TCP Chimney network card support so that a TCP Chimney network card can also support Compound TCP.
- Adds support in the Wireless Client for a new FIPS (Federal Information Processing Standard) compliant mode. This mode is FIPS 140-2 compliant because it moves the cryptographic processing from the wireless network card to an existing FIPS-approved cryptographic library.
- Enhances Windows Firewall and IPsec to use the new cryptographic algorithms that are Suite B compliant.
- Updated drivers are delivered primarily via Windows Update and directly from hardware vendors, not as part of a service pack. However, a small number of critical drivers are included as part of Windows Vista (e.g., display drivers, audio drivers) and some of these have been updated.
Desktop Administration and Management
- Allows users and administrators to control which volumes the disk defragmenter runs on.
- Allows users and administrators using Network Diagnostics to solve the most common file sharing problems, not just network connection problems.
- Enables polling of the RMS server at regular intervals to identify new templates and download them to the local template store. Previously these templates were pushed to clients via a combination of Group Policy and scripting. Additionally, SP1 provides an API for applications to query and access templates in the template store.
- Windows Vista SP1 includes a new Security Policy (UAC: Allow UIAccess), which allows applications to prompt for elevation without using the secure desktop. This allows a remote helper to enter administrative credentials during a Remote Assistance session.
- Allows administrators to configure NAP Clients to:
  - Receive updates from Windows Update or Microsoft Update, in addition to WSUS (Windows Server Update Services), as is the case for Windows Vista today.
  - Define the time a client has to retrieve and submit Statements of Health. This allows the NAP client to respond in time when a particular connection has a timeout requirement.
  - Use DNS server records to discover health registration authority (HRA) servers when there are no HRAs configured through local configuration or group policy.
- Allows healthy clients used by the Help Desk to establish IPsec connections to unhealthy machines to help resolve problems. This improves the supportability of NAP by allowing Help Desk technicians with health compliant machines to establish connections (e.g. remote desktop, file share) to help resolve issues.
- Allows administrators to add a WSD (Web Services for Devices) Print Device to remote Windows Vista or Windows Server 2008 machines. This can be accomplished by using the Print Management Console.
- Allows administrators to use a new admin flag to allow WMI scripted enumeration of all contents in the CSC cache. This will enhance WMI scripted administration for offline folders in Windows Vista. Previously this was available only through the COM API.
- Improves printing to local printers from within a Terminal Server session.
- Allows users to rename or delete folders while working offline with redirected folders. This functionality is important to users that use Folder Redirection and work in offline mode for extended periods of time. This functionality is disabled by default but can be enabled through a registry setting.
- Enhances the existing Vista EAPHost service by including an EAP (Extensible Authentication Protocol) Certification Program (ECP) Detection Mechanism. This mechanism makes delivery of EAP Methods submitted to the ECP available through Windows Update.
- Adds a WMI interface as a replacement for the MoveUser.exe tool which was removed from Windows Vista. This allows customers to remap an existing workgroup or domain user account profile to a new domain user account profile.
- Allows an administrator to configure properties of a network, such as the name, and deploy it network-wide via a Group Policy snap-in.
- Allows KMS (Key Management Service) to run within a Virtual Machine environment.