The random number generator is not compliant with Federal Processing Standard 140-2 in Windows Vista Service Pack 1 and in Windows Server 2008

Posted in Commerce Server 2007, Microsoft Exchange Server, Microsoft SQL Server, Vista Center, Vista Easter Eggs, Vista HowTo, Vista Tips, Windows Defender, Windows Server 2008, Windows Server 2008 - HowTo, Windows Server 2008 - Tips | No Comments »

The random number generator is not compliant with Federal Processing Standard 140-2 in Windows Vista Service Pack 1 and in Windows Server 2008

View products that this article applies to.

Article ID	:	954059
Last Review	:	July 28, 2008
Revision	:	1.0

SYMPTOMS

In Windows Vista Service Pack 1 (SP1) and in Windows Server 2008, the random number generator (RNG) is not compliant with Federal Information Processing Standard (FIPS) 140-2.

This problem affects all the functions that use the RNG. The CryptoAPI function CryptGenRandom and the CNG function BCryptGenRandom use the RNG directly. Other functions that generate random numbers for keying material or for other purposes may also use the RNG indirectly.

Important This problem does not affect the external behavior of any functions that use the RNG. It does not affect the strength of any system cryptographic implementations. Additionally, it does not change cryptographic functionality in any other way.

Back to the top

CAUSE

This problem occurs because certain internal self-tests are missing from the RNG.

Back to the top

RESOLUTION

A hotfix is available to resolve this problem. This hotfix contains changes to the cryptographic libraries in Windows Vista SP1 and in Windows Server 2008. These changes make the RNG fully compliant with the requirements of FIPS 140-2.

Note This hotfix does not change the functionality of the RNG.

After you install this hotfix, all cryptographic binaries that are affected will be updated with versions that contain the required self-tests.

Back to the top

Hotfix information

A supported hotfix is available from Microsoft. However, this hotfix is intended to correct only the problem that is described in this article. Apply this hotfix only to systems that are experiencing this specific problem. This hotfix might receive additional testing. Therefore, if you are not severely affected by this problem, we recommend that you wait for the next software update that contains this hotfix.

If the hotfix is available for download, there is a Hotfix download available section at the top of this Knowledge Base article. If this section does not appear, contact Microsoft Customer Service and Support to obtain the hotfix.

Note If additional issues occur or if any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific hotfix. For a complete list of Microsoft Customer Service and Support telephone numbers or to create a separate service request, visit the following Microsoft Web site:

http://support.microsoft.com/contactus/?ws=support (http://support.microsoft.com/contactus/?ws=support)

Note The Hotfix download available form displays the languages for which the hotfix is available. If you do not see your language, it is because a hotfix is not available for that language.

Back to the top

Prerequisites

The following list contains prerequisites for the hotfix:

Ã¢â‚¬Â¢

Windows Vista SP 1 or Windows Server 2008

Back to the top

Restart requirement

You have to restart the computer after you apply this hotfix.

Back to the top

Hotfix replacement information

This hotfix replaces the following hotfix:

953535 (/Feedback.aspx?kbNumber=953535/) When many SSL connections are established on a Windows Server 2008-based computer, the computer eventually stops responding because of a memory leak

Back to the top

Registry information

To use one of the hotfixes in this package, you do not have to make any changes to the registry.

Back to the top

File information

The English version of this hotfix has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.

Windows Vista SP1 and Windows Server 2008, x86-based versions

File name	File version	File size	Date	Time	Platform
Package_1_for_kb954059~31bf3856ad364e35~x86~~6.0.1.0.mum	Not Applicable	3,111	13-Jun-2008	17:14	Not Applicable
Package_2_for_kb954059~31bf3856ad364e35~x86~~6.0.1.0.mum	Not Applicable	3,278	13-Jun-2008	17:14	Not Applicable
Package_3_for_kb954059~31bf3856ad364e35~x86~~6.0.1.0.mum	Not Applicable	3,118	13-Jun-2008	17:14	Not Applicable
Package_4_for_kb954059~31bf3856ad364e35~x86~~6.0.1.0.mum	Not Applicable	3,119	13-Jun-2008	17:14	Not Applicable
Package_for_kb954059_client_1~31bf3856ad364e35~x86~~6.0.1.0.mum	Not Applicable	1,367	13-Jun-2008	17:14	Not Applicable
Package_for_kb954059_client~31bf3856ad364e35~x86~~6.0.1.0.mum	Not Applicable	1,431	13-Jun-2008	17:14	Not Applicable
Package_for_kb954059_sc_0~31bf3856ad364e35~x86~~6.0.1.0.mum	Not Applicable	1,422	13-Jun-2008	17:14	Not Applicable
Package_for_kb954059_sc~31bf3856ad364e35~x86~~6.0.1.0.mum	Not Applicable	1,423	13-Jun-2008	17:14	Not Applicable
Package_for_kb954059_server_0~31bf3856ad364e35~x86~~6.0.1.0.mum	Not Applicable	1,426	13-Jun-2008	17:14	Not Applicable
Package_for_kb954059_server~31bf3856ad364e35~x86~~6.0.1.0.mum	Not Applicable	1,431	13-Jun-2008	17:14	Not Applicable
Package_for_kb954059_winpesrv_0~31bf3856ad364e35~x86~~6.0.1.0.mum	Not Applicable	1,422	13-Jun-2008	17:14	Not Applicable
Package_for_kb954059_winpesrv~31bf3856ad364e35~x86~~6.0.1.0.mum	Not Applicable	1,430	13-Jun-2008	17:14	Not Applicable
Update.mum	Not Applicable	3,077	13-Jun-2008	17:14	Not Applicable
X86_29bb96108f142530a4b4139904adbb11_31bf3856ad364e35_6.0.6001.22202_none_76f028724b0cc0bc.manifest	Not Applicable	698	13-Jun-2008	17:14	Not Applicable
X86_37886f5f471fe55abb2f04da46cc338e_31bf3856ad364e35_6.0.6001.22202_none_47432becc2a223bb.manifest	Not Applicable	698	13-Jun-2008	17:14	Not Applicable
X86_3c26f70068358c36aa15c4a03aa99aeb_31bf3856ad364e35_6.0.6001.22202_none_319963a0c8e80f34.manifest	Not Applicable	691	13-Jun-2008	17:14	Not Applicable
X86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.22202_none_ef1832b20881782e.manifest	Not Applicable	3,700	13-Jun-2008	04:55	Not Applicable
X86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.22202_none_a6d62a0775e707d5.manifest	Not Applicable	34,373	13-Jun-2008	04:49	Not Applicable
X86_microsoft-windows-rsaenh-dll_31bf3856ad364e35_6.0.6001.22202_none_6052af0cca604873.manifest	Not Applicable	5,704	13-Jun-2008	04:49	Not Applicable
Bcrypt.dll	6.0.6001.22202	274,432	13-Jun-2008	03:20	x86
Ksecdd.sys	6.0.6001.22202	441,400	13-Jun-2008	03:57	x86
Lsasrv.dll	6.0.6001.22202	1,255,424	13-Jun-2008	03:25	x86
Lsasrv.mof	Not Applicable	13,780	18-Dec-2007	21:23	Not Applicable
Lsass.exe	6.0.6001.22202	9,728	13-Jun-2008	01:04	x86
Secur32.dll	6.0.6001.22202	72,704	13-Jun-2008	03:25	x86
Rsaenh.dll	6.0.6001.22202	243,256	13-Jun-2008	04:37	x86

Windows Vista SP1 and Windows Server 2008, x64-based versions

File name	File version	File size	Date	Time	Platform
Package_1_for_kb954059~31bf3856ad364e35~x86~~6.0.1.0.mum	Not Applicable	3,111	13-Jun-2008	17:14	Not Applicable
Package_2_for_kb954059~31bf3856ad364e35~x86~~6.0.1.0.mum	Not Applicable	3,278	13-Jun-2008	17:14	Not Applicable
Package_3_for_kb954059~31bf3856ad364e35~x86~~6.0.1.0.mum	Not Applicable	3,118	13-Jun-2008	17:14	Not Applicable
Package_4_for_kb954059~31bf3856ad364e35~x86~~6.0.1.0.mum	Not Applicable	3,119	13-Jun-2008	17:14	Not Applicable
Package_for_kb954059_client_1~31bf3856ad364e35~x86~~6.0.1.0.mum	Not Applicable	1,367	13-Jun-2008	17:14	Not Applicable
Package_for_kb954059_client~31bf3856ad364e35~x86~~6.0.1.0.mum	Not Applicable	1,431	13-Jun-2008	17:14	Not Applicable
Package_for_kb954059_sc_0~31bf3856ad364e35~x86~~6.0.1.0.mum	Not Applicable	1,422	13-Jun-2008	17:14	Not Applicable
Package_for_kb954059_sc~31bf3856ad364e35~x86~~6.0.1.0.mum	Not Applicable	1,423	13-Jun-2008	17:14	Not Applicable
Package_for_kb954059_server_0~31bf3856ad364e35~x86~~6.0.1.0.mum	Not Applicable	1,426	13-Jun-2008	17:14	Not Applicable
Package_for_kb954059_server~31bf3856ad364e35~x86~~6.0.1.0.mum	Not Applicable	1,431	13-Jun-2008	17:14	Not Applicable
Package_for_kb954059_winpesrv_0~31bf3856ad364e35~x86~~6.0.1.0.mum	Not Applicable	1,422	13-Jun-2008	17:14	Not Applicable
Package_for_kb954059_winpesrv~31bf3856ad364e35~x86~~6.0.1.0.mum	Not Applicable	1,430	13-Jun-2008	17:14	Not Applicable
Update.mum	Not Applicable	3,077	13-Jun-2008	17:14	Not Applicable
X86_29bb96108f142530a4b4139904adbb11_31bf3856ad364e35_6.0.6001.22202_none_76f028724b0cc0bc.manifest	Not Applicable	698	13-Jun-2008	17:14	Not Applicable
X86_37886f5f471fe55abb2f04da46cc338e_31bf3856ad364e35_6.0.6001.22202_none_47432becc2a223bb.manifest	Not Applicable	698	13-Jun-2008	17:14	Not Applicable
X86_3c26f70068358c36aa15c4a03aa99aeb_31bf3856ad364e35_6.0.6001.22202_none_319963a0c8e80f34.manifest	Not Applicable	691	13-Jun-2008	17:14	Not Applicable
X86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.22202_none_ef1832b20881782e.manifest	Not Applicable	3,700	13-Jun-2008	04:55	Not Applicable
X86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.22202_none_a6d62a0775e707d5.manifest	Not Applicable	34,373	13-Jun-2008	04:49	Not Applicable
X86_microsoft-windows-rsaenh-dll_31bf3856ad364e35_6.0.6001.22202_none_6052af0cca604873.manifest	Not Applicable	5,704	13-Jun-2008	04:49	Not Applicable
Bcrypt.dll	6.0.6001.22202	274,432	13-Jun-2008	03:20	x86
Ksecdd.sys	6.0.6001.22202	441,400	13-Jun-2008	03:57	x86
Lsasrv.dll	6.0.6001.22202	1,255,424	13-Jun-2008	03:25	x86
Lsasrv.mof	Not Applicable	13,780	18-Dec-2007	21:23	Not Applicable
Lsass.exe	6.0.6001.22202	9,728	13-Jun-2008	01:04	x86
Secur32.dll	6.0.6001.22202	72,704	13-Jun-2008	03:25	x86
Rsaenh.dll	6.0.6001.22202	243,256	13-Jun-2008	04:37	x86

Back to the top

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the Applies to section.

Back to the top

MORE INFORMATION

For more information about FIPS 140 evaluation, visit the following Microsoft Web site:

http://www.microsoft.com/technet/archive/security/topics/issues/fipseval.mspx?mfr=true (http://www.microsoft.com/technet/archive/security/topics/issues/fipseval.mspx?mfr=true)

For more information about the BCryptGenRandom function, visit the following Microsoft Web site:

http://msdn.microsoft.com/en-us/library/aa375458.aspx (http://msdn.microsoft.com/en-us/library/aa375458.aspx)

For more information about the CryptGenRandom function, visit the following Microsoft Web site:

http://msdn.microsoft.com/en-us/library/aa379942.aspx (http://msdn.microsoft.com/en-us/library/aa379942.aspx)

For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:

824684 (/Feedback.aspx?kbNumber=824684/) Description of the standard terminology that is used to describe Microsoft software updates

Back to the top

APPLIES TO

Ã¢â‚¬Â¢

Windows Vista Service Pack 1, when used with:

Ã‚Â	Ã‚Â	Windows Vista Enterprise 64-bit Edition
Ã‚Â	Ã‚Â	Windows Vista Home Basic 64-bit Edition
Ã‚Â	Ã‚Â	Windows Vista Home Premium 64-bit Edition
Ã‚Â	Ã‚Â	Windows Vista Ultimate 64-bit Edition
Ã‚Â	Ã‚Â	Windows Vista Business
Ã‚Â	Ã‚Â	Windows Vista Business 64-bit Edition
Ã‚Â	Ã‚Â	Windows Vista Enterprise
Ã‚Â	Ã‚Â	Windows Vista Home Basic
Ã‚Â	Ã‚Â	Windows Vista Home Premium
Ã‚Â	Ã‚Â	Windows Vista Ultimate

Ã¢â‚¬Â¢

Windows Server 2008 Datacenter without Hyper-V

Ã¢â‚¬Â¢

Windows Server 2008 Enterprise without Hyper-V

Ã¢â‚¬Â¢

Windows Server 2008 for Itanium-Based Systems

Ã¢â‚¬Â¢

Windows Server 2008 Standard without Hyper-V

Ã¢â‚¬Â¢

Windows Server 2008 Datacenter

Ã¢â‚¬Â¢

Windows Server 2008 Enterprise

Ã¢â‚¬Â¢

Windows Server 2008 Standard

Back to the top

kbautohotfix kbexpertiseadvanced kbfix kbqfe kbhotfixserver KB954059

Back to the top

Open Software Solutions

Recent Articles

Help us: Donate

Categories

Pages

Recomended

Archives