[MS-USBEPD] Operating system support status
Hi, We are trying to implement MS-USBEPD(https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-usbepd/7c4ff9b4-229e-4606-95ab-9384d1382465) to our USB device stack. Although we have successfully added Microsoft OS 2.0 descriptors and…
[MS-SMB2] 3.3.5.4 Receiving an SMB2 NEGOTIATE Request - SMB2_SIGNING_CAPABILITIES negotiate context
https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-smb2/b39f253e-4963-40df-8dff-2f9040ebbeb1 According to spec: "If the Connection.Dialect is "3.1.1", then the server MUST process the NegotiateContextList..." "If…
Why Windows SMB client ignores supported auth mechanisms in Negotiate Response?
Scenario: SMB311 Server lists NTLM as the only supported auth mechanism in Negotiate response. Windows client ignores the fact and obtains the TGS for cifs/FQDN of the server and uses Kerberos authentication in Session Setup. Error codes such as…
[MS-SMB2] Clarification regarding the relationship between MaxTransactSize and MaxReadSize
Hello, According to [MS-SMB2] 2.2.4 NEGOTIATE Response: "MaxTransactSize (4 bytes): The maximum size, in bytes, of the buffer that can be used for QUERY_INFO, QUERY_DIRECTORY, SET_INFO and CHANGE_NOTIFY operations. MaxReadSize - The maximum read…
[MS-ADTS] 6.1.6.9.3.1 Record
Hello, I am writing to inquire about the specification for the attribute msDS-TrustForestTrustInfo of a forest trust object, specifically identified as 6.1.6.9.3.1 Record. Previously, I successfully implemented a parser for all record types, with the…
[MS-ADTS] 6.1.6.7.9 trustAttributes
Hi, Cross checking my previous question on msDS-TrustForestTrustInfo with https://learn.microsoft.com/en-us/troubleshoot/windows-server/windows-security/windows-updates-add-new-ntlm-pass-through-authentication-protections#issue-mitigations An attribute…
[MS-SMB2] MaxTransactSize and MaxReadSize values clarification
I'm investigating documentation about the SMB protocol. And a misunderstanding arose between these two values. 2.2.4 SMB2 NEGOTIATE Response MaxTransactSize (4 bytes): The maximum size, in bytes, of the buffer that can be used for QUERY_INFO,…
When is Montenegrin latin and cyrillic keyboard going to be added to Windows?
Hello! When is Microsoft planning to add Montenegrin (Latin) and Montenegrin (Cyrillic) keyboard to Windows OS? Montenegrin language has been officially recognized as a separate language with its own ISO 639-3 code “cnr” with its variants…
[MS-WCCE] §3.2.2.6.2.1.4.5.7 CT_FLAG_PREVIOUS_APPROVAL_VALIDATE_REENROLLMENT question
I have a question on CT_FLAG_PREVIOUS_APPROVAL_VALIDATE_REENROLLMENT flag processing rule as outlined in [MS-WCCE] §3.2.2.6.2.1.4.5.7 The document says that: The CA MUST ignore the CT_FLAG_PEND_ALL_REQUESTS flag. However, my recent tests…
[MS-WCCE] and [MS-CRTD] incorrent CT_FLAG_DONOTPERSISTINDB definition
The CT_FLAG_DONOTPERSISTINDB certificate template's setting flag numerical value is incorrect. The CT_FLAG_DONOTPERSISTINDB is defined in [MS-CRTD] §2.4 as: CT_FLAG_DONOTPERSISTINDB = 0x00000400 and referenced in [MS-WCCE] §3.2.2.6.2.1.4.4.1…
Connection reset upon receiving an SMB 3.1.1 encrypted packet.
Hello, everyone. I am currently working on an SMB client on an embedded RTOS system. When the test servers( Windows 11 & Windows 10) received the encrypted SMB packet from the client, Windows immediately fails the request with a [RST ,ACK] . I only…
WMIC stopped working on Windows 10 2004
I use WMIC to pull logs from remote machines internally. After we upgraded a few machines to Windows 10 2004 it stopped working for those machines and we now getting the following error: [wmi/wmic.c:196:main()] ERROR: Login to remote object. …
How to decrypt SMB3 traffic
The method of using netsh trace start provider=Microsoft-Windows-SMBClient saving as pcap in NetMon doesn't produce decrypted traffic. Described at Plugfest https://www.youtube.com/watch?v=aGG7cpLxdfQ
LCID for Quebec French Canadian
Is there a plan to add Quebec specific French Canadian to the list of LCID? We plan to create a content specific to Quebec, Canada, and trying to decide the best language code to use to identify/isolate the flavor of the language.
question pertaining to the binary compound file format
Hello, I am working off of the specification for compound binary files found here: https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-cfb/53989ce4-7b05-4f8d-829b-d08d6148375b When attempting to parse a conforming document, I noted that the…
MS-Mice DTLS Handshake fails after Flight 4
Hi, I am having trouble performing the DTLS handshake as part of stream encryption in Ms-Mice. After Flight 4 (ref: RFC6347): which includes: ServerHello, Certificate, ServerKeyExchange, CertificateRequest and ServerHelloDone the client closes the…
Printing RPC over TCP - disable the encryption
Hi, is there a way to disable the encryption when Windows client prints using the RPC SPOOLSS over TCP (recent enforcement of Win11)? Domain policy or any other direction? …
Thread closed
The question was answered.....
SMB2 TREE_CONNECT response MaximalAccess: file or directory access mask?
I have hacked impacket a bit to provide access to the MaximalAccess field in the SMB2 TREE_CONNECT Response. However, I am wondering how to interpret this field. The docs say Contains the maximal access for the user that establishes the tree connect …
GSSAPI FIPS compliant AES encryption
Are there any plans in the pipeline to update MSFT's GSSAPI implementation to add support for AES-256 encryption? I know that no RFC currently exists for this, the strongest session key supported by the RFCs is 3DES which is deprecated. On a…