Windows Azure Training Kit August 2012 Release; Security Advisory 2743314 Details MS-CHAP v2 Authentication Exploit


August 2012 Release of the Windows Azure Training Kit

The August 2012 Windows Azure Training Kit comes with a comprehensive set of technical content, such as hands-on labs and presentations, designed to help you learn how to use the latest Windows Azure features and services.

The August 2012 update of the Windows Azure Training Kit includes 41 hands-on labs and 35 presentations. Some of the updates in this version include:

  • "Added 7 presentations specifically designed for the Windows Azure DevCamps
  • Added 4 presentations for Windows Azure SQL Database, SQL Federation, Reporting, and Data Sync
  • Added presentation on Security & Identity
  • Added presentation on Building Scalable, Global, and Highly Available Web Apps
  • Several hands-on lab bug fixes
  • Added the Windows Azure DevCamp 1-day event agenda
  • Updated Windows Azure Foundation Training Workshop 3-day event agenda," informs Microsoft.

Download Windows Azure Training Kit from Microsoft Download Center.

Microsoft ASP.NET Universal Providers Core 1.2, an update to the version of Universal Providers that shipped with Visual Studio 2012, brings the following key changes: "Address key performance issues with the providers; and Depends on EntityFramework Code First."

You can follow this documentation on how to update a NuGet package. "While updating you will get the EntityFramework 5.0.0 package as well from the nuget.org."

Microsoft also just issued Security Advisory 2743314, providing guidance to help protect customers from a technique that could allow a man-in-the-middle attack to obtain a user's domain credentials when a VPN is configured to use PPTP and MS-CHAP v2.

"Microsoft Challenge Handshake Authentication Protocol version 2 (MS-CHAP v2) is widely used as an authentication method in Point-to-Point Tunneling Protocol (PPTP)-based VPNs."

Microsoft says it is not currently aware of active attacks that use this exploit code or of customer impact at this time. "Only VPN solutions that rely on PPTP in combination with MS-CHAP v2 as the sole authentication method are vulnerable to this issue," MSRC wrote.

Suggested Actions:

Secure your MS-CHAP v2/PPTP based tunnel with PEAP

For information on how to secure your MS-CHAP v2/PPTP based tunnel with PEAP, see Microsoft Knowledge Base Article KB2744850.

Or, as an alternative to implementing PEAP-MS-CHAP v2 Authentication for Microsoft VPNs, use a more secure VPN tunnel

If the tunnel technology used is flexible, and a password-based authentication method is still required, then Microsoft recommends using L2TP, IKEv2, or SSTP VPN tunnels in conjunction with MS-CHAP v2 or EAP-MS-CHAP v2 for authentication.

For more information, see the following links:

  • L2TP - Configure L2TP/IPsec-based Remote Access
  • VPN Reconnect (IPSEC IKEv2) - Configure IKEv2-based Remote Access
  • SSTP - SSTP Remote Access Step-by-Step Guide: Deployment

Note: Microsoft recommends that customers assess the impact of making configuration changes to their environment. Implementing PEAP-MS-CHAP v2 Authentication for Microsoft VPNs may require less change to configuration and have a lesser impact to systems than implementing a more secure VPN tunnel, such as using L2TP, IKEv2, or SSTP VPN tunnels in conjunction with MS-CHAP v2 or EAP-MS-CHAP v2 for authentication.
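To find client profiles that match the condition the advisory describes (PPTP with MS-CHAP v2 as the sole authentication method), the following PowerShell check can be used. It is an added example, not code from Microsoft or the advisory. It assumes the `TunnelType` and `AuthenticationMethod` properties returned by the `Get-VpnConnection` cmdlet; the function name and the sample profiles are constructed for illustration.

```powershell
# Added example: classify VPN profiles against the advisory's condition
# (PPTP tunnel with MS-CHAP v2 as the sole authentication method).
# Get-VpnAdvisoryFinding is a hypothetical helper name, not a built-in cmdlet.
function Get-VpnAdvisoryFinding {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Connection
    )
    process {
        $tunnel  = [string]$Connection.TunnelType
        $methods = @($Connection.AuthenticationMethod | ForEach-Object { [string]$_ })
        $soleMsChapV2 = ($methods.Count -eq 1) -and ($methods[0] -eq 'MSChapv2')

        $finding = if ($tunnel -eq 'Pptp' -and $soleMsChapV2) {
            'VULNERABLE: PPTP with MS-CHAP v2 as the sole authentication method'
        } elseif ($tunnel -eq 'Pptp' -and $methods -contains 'MSChapv2') {
            'REVIEW: PPTP profile still permits plain MS-CHAP v2'
        } elseif ($tunnel -eq 'Pptp' -and $methods -contains 'Eap') {
            'REVIEW: confirm the EAP configuration is PEAP-MS-CHAP v2'
        } elseif ($tunnel -eq 'Automatic' -and $methods -contains 'MSChapv2') {
            'REVIEW: Automatic tunnel selection can fall back to PPTP'
        } else {
            'OK'
        }

        [pscustomobject]@{
            Name    = $Connection.Name
            Tunnel  = $tunnel
            Auth    = $methods -join ','
            Finding = $finding
        }
    }
}

# Constructed sample profiles (not real data) so the check runs offline.
$sampleProfiles = @(
    [pscustomobject]@{ Name = 'Legacy-PPTP'; TunnelType = 'Pptp';      AuthenticationMethod = @('MSChapv2') }
    [pscustomobject]@{ Name = 'PPTP-EAP';    TunnelType = 'Pptp';      AuthenticationMethod = @('Eap') }
    [pscustomobject]@{ Name = 'Auto-Any';    TunnelType = 'Automatic'; AuthenticationMethod = @('MSChapv2') }
    [pscustomobject]@{ Name = 'Corp-SSTP';   TunnelType = 'Sstp';      AuthenticationMethod = @('MSChapv2') }
)
$sampleProfiles | Get-VpnAdvisoryFinding | Format-Table -AutoSize

# On a client that has the Get-VpnConnection cmdlet, audit real profiles:
# Get-VpnConnection | Get-VpnAdvisoryFinding
# Get-VpnConnection -AllUserConnection | Get-VpnAdvisoryFinding
```

Profiles reported as VULNERABLE are the ones to move to PEAP-MS-CHAP v2 or to an L2TP, IKEv2, or SSTP tunnel, as the suggested actions above describe.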

Check out the Security Advisory 2743314 here.