Microsoft Open Specifications Support Team Blog

The official blog of the Engineers supporting the Microsoft Open Specifications Documentation

SMB 2 and SMB 3 security in Windows 10: the anatomy of signing and cryptographic keys

Signing is an integral security feature in SMB2 since its inception. Encryption starts in SMB3 as an...

Date: 05/26/2017

How Kerberos user-to-user authentication works?

The Kerberos user-to-user (U2U) authentication mechanism enables a client to authenticate to a...

Date: 05/24/2017

Verifying STUN Message Integrity for Lync and Skype for Business ICE Traffic

Verifying STUN Message Integrity for Lync and Skype for Business ICE Traffic Recently there have...

Date: 02/23/2016

OpenXML Styles 101 - Understanding Table Style Conditional Formatting

IntroductionThis is the second in a series of articles covering various OpenXML topics. This article...

Date: 11/06/2015

OpenXML Styles 101 - Creating Custom Styles and Understanding Style Inheritance

IntroductionThis will be the first in a series of articles on various OpenXML topics. This article...

Date: 09/16/2015

MS-OXCFXICS - How to parse the FastTransfer Stream

Note: This article was written using version 16.2 (10/30/2014) of the MS-OXCFXICS document as...

Date: 09/16/2015

SMB 3.1.1 Encryption in Windows 10

SMB 3 encryption offers data packet confidentiality and prevents an attacker from both tampering...

Date: 09/09/2015

SMB 3.1.1 Pre-authentication integrity in Windows 10

Pre-authentication integrity is one of the new SMB 3.1.1 security improvements in Windows 10 and...

Date: 08/11/2015

MS-PST - Parsing a Heap-on-Node Property Context Block

Summary This Blog will use the sample Heap-on-Node (HN) from section 3.8 of MS-PST and walk through...

Date: 05/30/2014

Extended DFS referral for SMB 3

This blog talks about site-aware DFS referral introduced in Windows Server 2012. Extended DFS...

Date: 02/21/2014

Message Analyzer

As interoperability relies mainly on the network interactionbetween systems and services, it is of...

Date: 10/10/2013

GUIDs and Endianness: {Endi-an-ne-ssInGUID} OR idnE-na-en-ssInGUID?

Hi all! I have recently received a couple inquiries regarding theway in which GUIDs are represented,...

Date: 10/08/2013

[MS-RDPEUDP] : Glance at TLS/DTLS handshake packets.

MS-RDPEUDP is a new protocol in RDP8 and operates in 2 modes : Reliable (RDP-UDP-R) and Best Efforts...

Date: 09/11/2013

Extracting a PowerPoint VBA Macro

Abstract This post of my blog responds to a request by a customer to find and extract a VBA macro in...

Date: 06/20/2013

RDPESC parser modification

Hello world! I’ve decided to write this entry to talk about twointertwined subjects: - The...

Date: 05/30/2013

PowerShell script for finding Microsoft Office legacy files

Referenced documents:[MS-CFB]: Compound File Binary File Format[MS-OLEPS]: Object Linking and...

Date: 04/08/2013

SMB 2.x and SMB 3.0 Timeouts in Windows

This blog talks about common timeouts for SMB dialects 2.x and 3.0 [MS-SMB2] in Windows. It also...

Date: 03/27/2013

NTLM and Channel Binding Hash (aka Extended Protection for Authentication)

Extended Protection for Authnetication (EPA) was introduced in Windows 7/WS2008R2 to thwart...

Date: 03/26/2013

CIFS and SMB Timeouts in Windows

This blog gives a consolidated overview of the most common SMB timeouts in Windows and their...

Date: 03/19/2013

Rich Text Format (RTF) and Watermarks

Seldom is the question asked, "Is there an RTF directive that can be used to add watermarks in RTF...

Date: 02/04/2013

How to manually decode an ActiveSync WBXML stream

OverviewActiveSync requests and responses are sent as HTTP messages. In order to reduce the size of...

Date: 02/04/2013

Determining Office Binary File Format Types

Referenced Documents: MS-CFB MS-OLEPS If you need to programmatically determine the office file type...

Date: 01/16/2013

Unencrypted MS-EVEN6 Traffic

This blog entry is intended for readers interested in generating unencrypted MS-EVEN6...

Date: 01/13/2013

Encryption in SMB 3.0: A protocol perspective

Encryption is one of the new SMB 3.0 security enhancements in Windows Server 2012 RTM. It can be...

Date: 10/05/2012

Hitchhiker’s Guide to Debugging RDP protocols: Part 2

Hitchhiker’s Guide to Debugging RDP protocols: Part 2 NOTE: Questions and comments are...

Date: 07/24/2012

SMB3 Secure Dialect Negotiation

This blog talks about secure dialect negotiation, one of the new SMB3 security enhancements in...

Date: 06/28/2012

MS-FSU: A look from the Windows interface

It is not unusual for our group to receive a question regarding Constrained Delegation and Protocol...

Date: 06/25/2012

Encryption in SMB3

SMB3 will debut in the upcoming version of Windows 8. This is a significant update from the last...

Date: 06/08/2012

Hitchhiker’s Guide to Debugging RDP protocols: Part 1 [MS-RDPEUSB]

Hitchhiker’s Guide to Debugging RDP protocols: Part 1 [MS-RDPEUSB] NOTE: Questions and...

Date: 05/24/2012

MS-PST - How to decode data pages using Permutative Decoding.

The current version of the MS-PST open specification document can be found here:...

Date: 02/08/2012

Encryption Negotiation in RDP connection

Encryption Negotiation in RDP connection The RDP connections between clients and servers are...

Date: 12/07/2011

How to use the presetShapeDefinitions.xml file and fun with DrawingML.

This article deals with the content contained in ECMA-376 Part 1. The 3rd edition of ECMA-376 was...

Date: 11/14/2011

Password encryption in establishing a remote assistance session of type 1

This blog provides details on how the PassStub is used when establishing a remote assistance session...

Date: 10/31/2011

Customizing In-Box Netmon Parsers. How to edit and deploy updated Netmon Parsers.

This article will explain how to edit and deploy an “in-box”Netmon parser. By...

Date: 08/08/2011

MS-OXOCAL - How to calculate the FirstDateTime for monthly and yearly recurring appointments for the Hebrew calendar.

Alternate Calendars As you may or may not be aware, Outlook supports multiple calendars. Not only...

Date: 07/28/2011

BFFValidator Tool Goes Public

Yesterday, the Office Interoperability team announced the public release of the Beta version of the...

Date: 07/13/2011

A quick look at the new negotiation mechanism (NegoEx) used with SPNEGO in Windows 7

What is NegoEx ? Why do we need it ? Before Windows 7 was introduced, applications utilize the...

Date: 06/30/2011

Free/Busy Data in Exchange

In today’s fast-paced market, availability of an individual is increasingly important. Thus...

Date: 06/30/2011

EMF File Overview

EMF File Overview Generally, most people are familiar with two types of graphics files: bitmap and...

Date: 06/28/2011

This is how we troubleshoot Windows interoperability issues in the Open Specifications support team

Hi y’all, Sebastian from Texas here! I’ve been at the File Sharing Plugfest last week....

Date: 06/28/2011

Authentication 101

I am writing this blog in response to a need I felt when I was new to authentication in Windows. The...

Date: 06/24/2011

Incremental Change Synchronization

Incremental Change Synchronization ICS provides a means for the client to replicate changes in a...

Date: 06/20/2011

.MSG File Format, Rights Managed Email Message (Part 3)

In Part 2, I concluded my dissection of the rights managed email message example, with locating the...

Date: 06/14/2011

Exploring the CFB File Format 9

Exploring the CFB File Format 9 File SecurityDue to the nature of a compound file, a single file in...

Date: 06/10/2011

Exchange ActiveSync Provisioning

Exchange ActiveSync Provisioning EAS Provisioning is a means to download and apply devices on an...

Date: 06/09/2011

Exploring the CFB File Format 8

Exploring the CFB File Format 8 Range Lock Sectors A range lock sector is a part of a CFB file that...

Date: 06/09/2011

Exploring the CFB File Format 7

Exploring the CFB File Format 7 ------------------------------- [- Red-Black Trees -] As we have...

Date: 06/09/2011

Troubleshooting with the Microsoft Exchange RPC Extractor (or, the case of the mysterious Inbox sync)

If you were not already familiar with decoding Exchange Server to Client communication, or have done...

Date: 06/07/2011

Windows Configurations for Kerberos Supported Encryption Type

In one of my previous...

Date: 05/30/2011

Decrypting SSTP traffic with Netmon and NMDecrypt

Intro I have recently received some inquiries about [MS-SSTP]. I must admit that I had to review...

Date: 05/23/2011

Next>