Microsoft warns of problems with Schannel security update

ID: IRCNE2014112377
Date: 2014-11-18

According to “ZDNet”, Microsoft has issued a warning in the knowledge base article for the MS14-066 update released this past week. The company has provided a workaround, but is not recommending that users avoid the update or uninstall it.
The update fixed at least one critical vulnerability in Schannel, Microsoft's implementation of SSL/TLS encryption. It has widely been considered highly critical and last week we urged users to apply the update as soon as possible.
But some users who apply the update are having serious problems. The issues occur in configurations in which TLS 1.2 is enabled by default and negotiations fail. When this happens, according to Microsoft, "TLS 1.2 connections are dropped, processes hang (stop responding), or services become intermittently unresponsive." There may also be an event ID 36887 in the System event log with the description "A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40."
In addition to the security updates, the MS14-066 update includes some new features: four ciphers for TLS. These ciphers are somehow the cause of the problem. To work around the problem, delete the four new ciphers:

  • TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
  • TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
  • TLS_RSA_WITH_AES_256_GCM_SHA384
  • TLS_RSA_WITH_AES_128_GCM_SHA256

For specific instructions on how to do this see the KB article.
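
To check whether a host shows the symptom described above and to preview the workaround on a cipher suite list, the following PowerShell is an added example, not code from Microsoft's KB article. The function names and the sample suite order are constructed for illustration; where the suite order is stored and how to change it is left to the KB article.

```powershell
# Added example; function names are hypothetical, not from Microsoft's KB article.

# The four cipher suites introduced by MS14-066, as listed in the advisory.
$NewSuites = @(
    'TLS_DHE_RSA_WITH_AES_256_GCM_SHA384',
    'TLS_DHE_RSA_WITH_AES_128_GCM_SHA256',
    'TLS_RSA_WITH_AES_256_GCM_SHA384',
    'TLS_RSA_WITH_AES_128_GCM_SHA256'
)

function Get-SchannelAlert40 {
    # System-log events with ID 36887 whose description reports fatal alert code 40.
    param([int]$Days = 7)
    $filter = @{ LogName = 'System'; Id = 36887; StartTime = (Get-Date).AddDays(-$Days) }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -match 'fatal alert code is 40\b' } |
        Select-Object TimeCreated, ProviderName, Message
}

function Remove-NewSuites {
    # Returns the supplied suite order without the four new suites,
    # keeping the relative order of every other entry.
    param([string[]]$SuiteOrder)
    $SuiteOrder | Where-Object { $NewSuites -notcontains $_.Trim() }
}

# 1. Symptom check: count matching events per day over the last week.
$hits = @(Get-SchannelAlert40 -Days 7)
'{0} matching event(s) in the last 7 days' -f $hits.Count
$hits | Group-Object { $_.TimeCreated.Date } |
    Select-Object @{ n = 'Day'; e = { $_.Name } }, Count

# 2. Workaround preview on a constructed sample suite order (not read from the host).
$sample = @(
    'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256',
    'TLS_RSA_WITH_AES_256_GCM_SHA384',
    'TLS_DHE_RSA_WITH_AES_128_GCM_SHA256',
    'TLS_RSA_WITH_AES_128_CBC_SHA'
)
Remove-NewSuites -SuiteOrder $sample
```

Event 36887 with alert code 40 only says the remote endpoint rejected the handshake, so matching events are a reason to compare timing against the MS14-066 install date rather than proof that the new suites are the cause.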
