Microsoft Windows Common Criteria Evaluation Security Target

Total Page:16

File Type:pdf, Size:1020Kb

Microsoft Windows Common Criteria Evaluation Security Target Microsoft Common Criteria Security Target Microsoft Windows Common Criteria Evaluation Microsoft Windows 10 version 1803 (April 2018 Update) Microsoft Windows Server version 1803 (April 2018 Update) Security Target Document Information Version Number 0.03 Updated On October 11, 2018 Microsoft © 2018 Page 1 of 119 Microsoft Common Criteria Security Target Version History Version Date Summary of changes 0.01 June 27, 2018 Initial draft 0.02 September 7, 2018 Updates from security target evaluation 0.03 October 11, 2018 Updates from testing, CAVS certificates 0.04 Microsoft © 2018 Page 2 of 119 Microsoft Common Criteria Security Target This is a preliminary document and may be changed substantially prior to final commercial release of the software described herein. The information contained in this document represents the current view of Microsoft Corporation on the issues discussed as of the date of publication. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information presented after the date of publication. This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, AS TO THE INFORMATION IN THIS DOCUMENT. Complying with all applicable copyright laws is the responsibility of the user. This work is licensed under the Creative Commons Attribution-NoDerivs- NonCommercial License (which allows redistribution of the work). To view a copy of this license, visit http://creativecommons.org/licenses/by-nd-nc/1.0/ or send a letter to Creative Commons, 559 Nathan Abbott Way, Stanford, California 94305, USA. Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property. The example companies, organizations, products, people and events depicted herein are fictitious. No association with any real company, organization, product, person or event is intended or should be inferred. © 2018 Microsoft Corporation. All rights reserved. Microsoft, Active Directory, Visual Basic, Visual Studio, Windows, the Windows logo, Windows NT, and Windows Server are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners. Microsoft © 2018 Page 3 of 119 Microsoft Common Criteria Security Target TABLE OF CONTENTS SECURITY TARGET .........................................................................................................................1 VERSION HISTORY ..............................................................................................................................2 TABLE OF CONTENTS ........................................................................................................................4 LIST OF TABLES .................................................................................................................................8 1 SECURITY TARGET INTRODUCTION ......................................................................................9 1.1 ST REFERENCE ........................................................................................................................9 1.2 TOE REFERENCE......................................................................................................................9 1.3 TOE OVERVIEW ......................................................................................................................9 1.3.1 TOE TYPES ....................................................................................................................................... 9 1.3.2 TOE USAGE .................................................................................................................................... 10 1.3.3 TOE SECURITY SERVICES ................................................................................................................... 10 1.3.4 NON-TOE HARDWARE, SOFTWARE, FIRMWARE IN THE EVALUATION ....................................................... 12 1.4 TOE DESCRIPTION ................................................................................................................. 12 1.4.1 EVALUATED CONFIGURATIONS ........................................................................................................... 12 1.4.2 SECURITY ENVIRONMENT AND TOE BOUNDARY ................................................................................... 12 1.4.2.1 Logical Boundaries ...................................................................................................................... 12 1.4.2.2 Physical Boundaries .................................................................................................................... 13 1.5 PRODUCT DESCRIPTION .......................................................................................................... 14 1.6 CONVENTIONS, TERMINOLOGY, ACRONYMS ................................................................................ 15 1.6.1 CONVENTIONS ................................................................................................................................ 15 1.6.2 TERMINOLOGY ................................................................................................................................ 15 1.6.3 ACRONYMS..................................................................................................................................... 18 1.7 ST OVERVIEW AND ORGANIZATION ........................................................................................... 18 2 CC CONFORMANCE CLAIMS ............................................................................................... 20 3 SECURITY PROBLEM DEFINITION ........................................................................................ 21 3.1 THREATS TO SECURITY ............................................................................................................ 21 3.2 ORGANIZATIONAL SECURITY POLICIES ......................................................................................... 22 3.3 SECURE USAGE ASSUMPTIONS .................................................................................................. 22 4 SECURITY OBJECTIVES ....................................................................................................... 24 Microsoft © 2018 Page 4 of 119 Microsoft Common Criteria Security Target 4.1 TOE SECURITY OBJECTIVES ...................................................................................................... 24 4.2 SECURITY OBJECTIVES FOR THE OPERATIONAL ENVIRONMENT .......................................................... 25 5 SECURITY REQUIREMENTS ................................................................................................. 27 5.1 TOE SECURITY FUNCTIONAL REQUIREMENTS ............................................................................... 27 5.1.1 SECURITY AUDIT (FAU) .................................................................................................................... 29 5.1.1.1 Audit Data Generation (FAU_GEN.1) and FAU_GEN.1(WLAN) ................................................... 29 5.1.2 CRYPTOGRAPHIC SUPPORT (FCS) ....................................................................................................... 30 5.1.2.1 Cryptographic Key Generation (FCS_CKM.1) .............................................................................. 30 5.1.2.2 Cryptographic Key Generation for WPA2 Connections (FCS_CKM.1(WLAN)) ............................ 30 5.1.2.3 Cryptographic Key Establishment (FCS_CKM.2) ......................................................................... 31 5.1.2.4 Cryptographic Key Distribution for GTK (FCS_CKM.2(WLAN)).................................................... 31 5.1.2.5 Cryptographic Key Destruction (FCS_CKM.4) ............................................................................. 31 5.1.2.6 Cryptographic Operation for Encryption / Decryption (FCS_COP.1(SYM)) ................................. 31 5.1.2.7 Cryptographic Operation for Hashing (FCS_COP.1(HASH)) ........................................................ 32 5.1.2.8 Cryptographic Operation for Signing (FCS_COP.1(SIGN)) ........................................................... 32 5.1.2.9 Cryptographic Operation for Keyed Hash Algorithms (FCS_COP.1(HMAC)) ............................... 32 5.1.2.10 Random Bit Generation (FCS_RBG_EXT.1).............................................................................. 32 5.1.2.11 Storage of Sensitive Data (FCS_STO_EXT.1) ............................................................................ 32 5.1.2.12 TLS Client Protocol (FCS_TLSC_EXT.1) ..................................................................................... 33 5.1.2.13 Extended: Extensible Authentication Protocol-Transport Layer Security (FCS_TLSC_EXT.1(WLAN)) ........................................................................................................................... 33 5.1.2.14 TLS Client Protocol (FCS_TLSC_EXT.2) ..................................................................................... 34 5.1.2.15 Extended: TLS
Recommended publications
  • KACE® Systems Management Appliance 11.0 Patching Catalog
    KACE® Systems Management Appliance 11.0 Patching Catalog: Supported Operating Systems and Applications Table of Contents Patching matrix........................................................................................................................................ 3 Operating systems........................................................................................................................... 3 Applications...................................................................................................................................... 5 About us.................................................................................................................................................20 Technical support resources......................................................................................................... 20 Legal notices..................................................................................................................................20 KACE Systems Management Appliance 11.0 Patching Catalog: Supported Operating Systems and Applications 2 Patching matrix This document contains the most recent list of supported applications and operating systems in the KACE Patch Catalog. The content of this matrix was compiled in March 2021. Operating systems Platform Publisher Operating System (OS) OS Architecture Edition Mac Apple Computer, Inc. macOS Catalina 10.15 ALL x86_64 Mac Apple Computer, Inc. macOS High Sierra 10.13 ALL x86_64 Mac Apple Computer, Inc. macOS Mojave 10.14 ALL x86_64 Mac Apple
    [Show full text]
  • Download Windows 10 Update 1809 Windows 10: Continue Support for Versions 1803 and Onward
    download windows 10 update 1809 Windows 10: continue support for versions 1803 and onward. I have a question for the Windows team. I want to know if it is possible to continue support for Windows 10 version 1803 and onward? I am using 1809. I am asking is because when 1903 comes out someday, my device might not be able to work with it. I would like to use it but do not want to spend $$ buying a new device. 1809 is a good version. It seems like Microsoft will end support for different versions of Windows 10 different times. Subscribe Subscribe to RSS feed. Report abuse. Replies (6) Support for version 1809 ends on May 12, 2020. All this means is that you will not receive updates for that version, it does not mean that your Windows will cease to function, it will continue working as it always has . If your device cannot take the 1903 update, then it will refuse to install, that is all that will happen, you have nothing to worry about . Power to the Developer! MSI GV72 - 17.3", i7-8750H (Hex Core), 32GB DDR4, 4GB GeForce GTX 1050 Ti, 256GB NVMe M2, 2TB HDD. Report abuse. Was this reply helpful? Sorry this didn't help. Great! Thanks for your feedback. How satisfied are you with this reply? Thanks for your feedback, it helps us improve the site. How satisfied are you with this reply? Thanks for your feedback. I mean continue support for versions like 1803, 1809 and onward. I don't think anyone want the versions to end support.
    [Show full text]
  • Should Download Windows 10, Version 1709 Or
    should download windows 10, version 1709 or not Microsoft .NET Framework 4.8 on Windows 10 version 1709, Windows 10 version 1803, Windows 10 version 1809 and Windows Server 2019. This article describes an update for Microsoft .NET Framework 4.8 on Windows 10, version 1709, Windows 10, version 1803, Windows Server, version 1803, Windows 10, version 1809 and Windows Server, version 1809 and Windows Server 2019. Please note: .NET Framework 4.8 has been refreshed with the latest servicing updates as of January 14 th , 2020. Apart from the servicing fixes, there is no change in the .NET Framework 4.8 product from the August 13 th , 2019 Windows update. If you have already downloaded and installed the update from August, you do not need to install this update otherwise please install this update to receive the latest product bits. About Microsoft .NET Framework 4.8. Microsoft .NET Framework 4.8 is a highly compatible and in-place update to .NET Framework 4.7, 4.7.1 and 4.7.2. However, it can run side- by-side with .NET Framework 3.5 Service Pack 1 (SP1) and earlier versions of .NET Framework. When you install this package, it is listed as Update for Microsoft Windows (KB 4486153) under the Installed Updates item in Control Panel. Microsoft .NET Framework 4.8 is available on the Microsoft Update Catalog website for download and for import into Windows Software Update Services (WSUS). Download information. The following files are available for download from the .NET Download Site: For more information about .NET Framework 4.8 offline installer, see .NET Framework 4.8 offline installer for Windows.
    [Show full text]
  • Recovery Media Creation Guide Based on Active Backup for Business 2.1.1 Table of Contents
    Recovery Media Creation Guide Based on Active Backup for Business 2.1.1 Table of Contents Introduction Method 1: Automatically Create Recovery Media System Requirements and Supported Media Types 4 Create USB Recovery Media 5 Create ISO Recovery Media 7 Cancel Recovery Media or Troubleshoot Failure 9 Method 2: Manually Create Recovery Media System Requirements and Limitations 10 Create Recovery Media with the Windows ADK 11 Pack Recovery Media 13 Boot Recovery Media (ISO Image or USB Drive) 16 Appendix Copy Drivers 17 Install Drivers 17 Configure Resolution 18 Configure Language Settings 18 Add Certificate to WinPE Image 19 2 Introduction Synology Active Backup for Business is a business-wise and all-in-one backup solution that supports backing up physical devices including Windows PCs and Windows servers. With this solution, you can create recovery media to restore an entire device either automatically or manually. Recovery media must be created manually if the device intended to be restored is running a 32-bit version of Windows or contains specific driver versions, time zone, or language. However, recovery media can be created automatically if the device intended to be restored is not running a 32-bit version of Windows and does not contain specific drivers, time zone, and language. We recommend you to create recovery media automatically, if possible, because this method is easier. This Recovery Media Creation Guide details the methods for creating recovery media automatically or manually. Please refer to the following chapters detailing the methods, requirements, limitations, and processes of recovery media creation. 3 Introduction Method 1: Automatically Create Recovery Media Synology Active Backup for Business Recovery Media Creator is a desktop tool affiliated to our business data protection solution — Active Backup for Business.
    [Show full text]
  • What's New in Windows 10
    Contents What's new in Windows 10 What's new in Windows 10, version 1903 What's new in Windows 10, version 1809 What's new in Windows 10, version 1803 What's new in Windows 10, version 1709 What's new in Windows 10, version 1703 What's new in Windows 10, version 1607 What's new in Windows 10, versions 1507 and 1511 What's new in Windows 10 5/21/2019 • 2 minutes to read • Edit Online Windows 10 provides IT professionals with advanced protection against modern security threats and comprehensive management and control over devices and apps, as well as flexible deployment, update, and support options. Learn about new features in Windows 10 for IT professionals, such as Windows Information Protection, Windows Hello, Device Guard, and more. In this section What's new in Windows 10, version 1903 What's new in Windows 10, version 1809 What's new in Windows 10, version 1803 What's new in Windows 10, version 1709 What's new in Windows 10, version 1703 What's new in Windows 10, version 1607 What's new in Windows 10, versions 1507 and 1511 Learn more Windows 10 release information Windows 10 update history Windows 10 content from Microsoft Ignite Compare Windows 10 Editions See also Windows 10 Enterprise LTSC Edit an existing topic using the Edit link What's new in Windows 10, version 1903 IT Pro content 6/18/2019 • 10 minutes to read • Edit Online Applies to Windows 10, version 1903 This article lists new and updated features and content that are of interest to IT Pros for Windows 10 version 1903, also known as the Windows 10 May 2019 Update.
    [Show full text]
  • Windows 10 1803 Download Error
    windows 10 1803 download error Fix “2018-11 update for windows 10 version 1803 for x64-based systems (kb4023057) – error 0x80070643” kb4023057 has been rolling out over the last couple of days you might have received yours already and I got mine earlier today, now kb4023057 apparently improves the windows 10 update experience and the reliability of the windows update service components, which are essential for a bigger feature update being released later this year. It looks like with this update that Microsoft is getting their house in order and trying to push things out on the windows update side a lot smoother and efficient now. The update kb4023057 appears to be causing some unexpected problems on some computer system and most of the users were facing ‘ 2018- 11 update for windows 10 version 1803 for x64-based systems (kb4023057) – error 0x80070643 ‘ which does not allow the users to install this update on their computer machine. We have researched a lot and summarized some of the most working methods to educate the users to fix “ 2018-11 update for windows 10 version 1803 for x64-based systems (kb4023057) – error 0x80070643 ” issue in your computer machine. Methods to Fix “2018-11 update for windows 10 version 1803 for x64-based systems (kb4023057) – error 0x80070643”: These four methods are most likely to solve the update for windows 10 for x64-based systems (kb4023057), so please read and follow the steps carefully. Update Using Media Creation tool Removing Corrupted files Via Commands Uninstall and Retry Updates Update KB4023057 Run sfc/scannow Command Updating Windows Defender Signature Run the Troubleshooter Repair .Net Framework Run Dism.exe Command: This walk-through will help you to resolve your problem by given methods and solutions.
    [Show full text]
  • Windows 10 17760 Download Announcing Windows 10 Insider Preview Build 17760
    windows 10 17760 download Announcing Windows 10 Insider Preview Build 17760. Today, we are releasing Windows 10 Insider Preview Build 17760 (RS5) to Windows Insiders in the Fast ring. Meeting the challenge of game compatibility. The Windows Compatibility Team is pleased to announce that the Windows 10 October 2018 Update will be fully compatible with all major Tencent games. Game compatibility can be challenging due to the complexity of the games and reliance on anti-cheat services. We’ve done this by partnering closely with Tencent to test these games, investigate issues and produce fixes. Our hard work has paid off: we are pleased to say that this will be a successful release for our shared customers! We encourage all game developers or partners that produce anti-cheat software to reach out to us so that we can ensure compatibility for your products as well. Windows 10 update 17763.316 and 17134.590 offline installer (Download) Patch Tuesday for February is here and so is a new update for the Windows 10 version 1803, 1809, 1709 and other older versions – Here are all the perceiving details of it : Table of Contents. What is this update of KB4487044?? KB4487044 jounces the version number to build 17763.316, and this will fix problems regarding authentication, Windows Hello for Business, and an issue that allows users to bypass the Lock screen when using HoloLens. Microsoft ’s update of KB4487044 is also referred to as a “February 12, 2019—KB4487044 (OS Build 17763.316)” . If you are already running the Windows 10 version 1809 on your device, then this update will solve the following problems : Issues related to Hello for Business Hybrid Key Trust deployment sing-in to fail if Windows 2019 Server domain controller (DC) used for authentication.
    [Show full text]
  • Rules of the Road for Safe Patching
    Rules of the road for safe patching Monthly security patches ship on the second Tuesday of each month (Patch Tuesday). For all versions of Windows, defer them for at least 15 days. That should give Microsoft time to identify and fix any significant oopses. The exception is the rare urgent threat — in which case, we'll tell you to install an update sooner than later. (Check out our AskWoody.com posts on the days following Patch Tuesday.) Another exception: Security patches may also contain nonsecurity fixes. In some cases, you might want to install a security update sooner when it includes a feature fix you really need. Microsoft also sends out preview updates, typically on the third Tuesday of each month. They are completely optional, and we recommend skipping them. We will list them in the next Patch Watch column following their release because Microsoft typically doesn't label them as previews (bad dog!). Updates can be deferred on Window 10 Pro and above. If you're running Win10 Home, we recommend upgrading to Pro. Ensure that Windows 7's patch-update setting are set to download or check for updates, but don't automatically install them. It's your best defense against problematic patches. Other rules Never install hardware drivers -- unless you get them from the computer's manufacturer Never install an update to a newer version of .NET. Let your applications set the .NET versions they need If you are offered .NET 4.8, skip it. For business, I recommend being on 1903 at this time and deferring 1909 Version 2004 Sheet updated: 7/14/2020 >>>> Should be installed as of June 30, 2020 for business patchers Known issues page: https://docs.microsoft.com/en-us/windows/release-information/status-windows- Notes: 1) Test on your network, install as you see fit.
    [Show full text]
  • Installing and Upgrading Client Systems
    L e s s o n Installing and Upgrading Client Systems 1 Objective Domain Matrix Objective Domain Objective Technology Skill Description Domain Number Understanding Windows Identify Windows 2.1 Systems operating system editions Understand 2.4 operating system architecture Understanding Understand 2.3 Installation Types installation types Identify upgrade 2.2 paths COPYRIGHTED MATERIAL c01.indd 10/07/2019 Page 1 Key Terms AppLocker kernel mode Assigned Access 8.1 laptop BitLocker Lite Touch Installation (LTI) BranchCache LoadState.exe Business Store Long-Term Servicing Branch clean installation Private catalog Client Hyper-V Remote Desktop cloud RemoteApp command-line interface (CLI) ScanState.exe Continuum smartphone Cortana tablet Credential Guard text user interface (TUI) Current Branch for Business upgrade installation desktop PC User Experience control and lockdown device driver user interface (UI) Device Guard user mode DirectAccess User State Migration Tool (USMT) Encrypting File System (EFS) UsmtUtils.exe Enterprise Mode Internet Explorer virtual desktops (EMIE) Windows 10 graphical user interface (GUI) Windows 10 Education Group Policy management Windows 10 Enterprise hardware interrupts (IRQ) Windows 10 Home High Touch Installation (HTI) Windows 10 Media Creation tool hybrid computer Windows 10 Pro joining to a domain Windows Deployment Services c01.indd 10/07/2019 Page 2 Understanding Windows Systems 3 Windows Hello Windows Update for Business Windows Spotlight x64 Windows To Go x86 Windows Update Zero Touch Installation (ZTI) Lesson 1 Case You work as an IT technician for Interstate Snacks, Inc., a mid-market food service and vending company. Management has decided to standardize on Windows 10 Pro and has asked your IT group to evaluate all existing computers to determine if they can support the operating system.
    [Show full text]
  • Mcafee Policy Auditor Content Update Summary Version 1310
    2020-Nov-12 McAfee Policy Auditor Content Update Summary Product / Version Content Version McAfee Policy Auditor 6.x 1310 New Checks Oval ID Title oval:com.mcafee.oval.common:def:2933506 Adobe Acrobat Security Update for APSB20-67 Vulnerability oval:com.mcafee.oval.common:def:2933508 Adobe Reader Security Update for APSB20-67 Vulnerability oval:com.mcafee.oval.gen:def:439569 java-11-openjdk-static-libs patch for Redhat EL7 oval:com.mcafee.oval:def:2933441 Security Update for Microsoft Office Excel 2013 SP1 (KB4486695) oval:com.mcafee.oval:def:2933442 Security Update for Microsoft Office Outlook 2013 SP1 (KB4484524) oval:com.mcafee.oval:def:2933446 Microsoft Windows 10, x86 is installed oval:com.mcafee.oval:def:2933447 Microsoft Windows 10, x64 is installed oval:com.mcafee.oval:def:2933448 2020-03 Servicing stack update for Windows 8.1 for x64-based Systems (KB4540725) oval:com.mcafee.oval:def:2933449 2020-03 Servicing stack update for Windows 8.1 (KB4540725) oval:com.mcafee.oval:def:2933450 2020-03 Servicing stack update for Windows Server 2012 R2 for x64-bit Systems(KB4540725) oval:com.mcafee.oval:def:2933475 2020-04 Servicing stack update for Windows 10 Version 1909 for x86-based Systems (KB4552152) oval:com.mcafee.oval:def:2933476 2020-04 Servicing stack update for Windows 10 Version 1909 for x64-based Systems (KB4552152) oval:com.mcafee.oval:def:2933477 2020-04 Servicing stack update for Windows 10 Version 1903 for x86-based Systems (KB4552152) oval:com.mcafee.oval:def:2933478 2020-04 Servicing stack update for Windows 10 Version
    [Show full text]
  • How to Change the Administrator on Windows 10 We Show You 5 Different Ways
    How To Change The Administrator On Windows 10 We show you 5 different ways Written by: Elsie Otachi Posted on: August 12th, 2020 in: https://helpdeskgeek.com/windows-10/how-to-change-the-administrator- on-windows-10/ Windows 10 has the Standard user account and the Administrator account, each with different privileges to use a device and applications. An administrator account offers complete system control with privileges such as access to all files on the device. You can also modify other user accounts and change them to Standard or Administrator, install software and hardware, change security settings, and execute elevated tasks. However, if you got locked out of your computer, forgot your administrator password, or your admin rights were accidentally revoked, you can’t make any changes on the device. The Standard user account on the other hand is more restrictive. Standard users can work with apps and change settings that won’t affect other user accounts. Unlike administrators, Standard users cannot install new apps. Plus, if they have to execute an elevated task, they’ll need administrative credentials to complete it. There are different reasons why you may want to change the administrator on Windows 10. For example, if you’re handing over the device to someone else, or you want to add someone else as an administrator and become a Standard user yourself. Windows 10 includes different ways for you to change the administrator, which we’ll explain in this guide. How To Change The Administrator On Windows 10 There are five different ways to change the administrator on Windows 10.
    [Show full text]
  • Intel Ethernet Controller Products
    Intel® Ethernet Controller Products 26.4 Release Notes Ethernet Products Group August 2021 Revision 1.3 642515-003 Intel® Ethernet Controller Products 26.4 Release Notes Revision History Revision Date Comments 1.3 August 2021 • Added three additional issues to Section 2.1.2, “Linux Driver” 1.2 August 2021 • Added an additional issue to Section 3.1.1, “General” • Added an additional issue to Section 3.1.8, “VMware Driver”. • Added an additional issue to Section 3.1.9, “Manageability” 1.1 July 2021 • Added two additional issues to Section 3.1.2, “Firmware”. • Added one additional issue to Section 3.1.6, “Linux RDMA Driver” 1.0 July 2021 • Initial release. 2 642515-003 Intel® Ethernet Controller Products 26.4 Release Notes 1.0 Overview This document provides an overview of the changes introduced in the latest Intel® Ethernet controller/ adapter family of products. References to more detailed information are provided where necessary. The information contained in this document is intended as supplemental information only; it should be used in conjunction with the documentation provided for each component. These release notes list the features supported in this software release, known issues, and issues that were resolved during release development. 1.1 Supported Intel® Ethernet Controller Devices Note: Bold Text indicates the main changes for Software Release 26.4. Windows* Linux* FreeBSD Controller Family Driver Driver Driver NVM Version Version Version Version Intel® Ethernet 800 Series 1.9.65.x 1.6.x 1.30.x 3.0x Intel® Ethernet 700 Series
    [Show full text]