This vulnerability weakens the protection on the Protected Store, but does not eliminate it. An attacker would need to gain complete administrative control over the machine that houses the Protected Store in order to gain access to it, and even then would still need to mount a brute-force cryptographic attack against it. However, customers who follow the recommended remediation for this vulnerability can ensure that such an attack would be significantly more difficult, if not impossible.
The patch package to eliminate this vulnerability contains a new version of PSBASE.DLL, the module that provides the Protected Store functionality, and a tool named Keymigrt.exe. Installing PSBASE.DLL will ensure that all future additions to the Protected Store are encrypted using the strongest cryptography available on the machine. However, the Keymigrt tool also needs to be run, in order to re-encrypt all items currently in the Protected Store. We recommend that system administrators place the Keymigrt tool into users' logon scripts to ensure that the tool is run the next time they log on.