Number: IRCNE2014112380
Date: 2014/11/18
According to “zdnet”, Microsoft has re-released the MS14-066 update in order to address problems it caused for some users.
In addition to fixing a highly critical vulnerability in Schannel (Microsoft's implementation of SSL/TLS), MS14-066 added several new ciphers to the TLS suite. The ciphers caused severe problems for some users and Microsoft released instructions on how to remove them.
It now appears that the ciphers apply only to Windows 7, Windows Server 2008 R2, Windows 8.x, and Windows Server 2012 systems. Microsoft says that the problems were observed only on Windows Server 2008 R2 and Windows Server 2012, and only by a few users on those.
As detailed in the update KB article, a new secondary update package has been added for Windows Server 2008 R2 and Windows Server 2012. This update will appear as #3018238 in the usual distribution channels and install automatically with the security update for MS14-066. If you already have the MS14-066 update installed, it will be reoffered to make sure that the new cipher update is installed.
If you downloaded this update from the Download Center for either Windows Server 2008 R2 or Windows Server 2012 and then applied it, Microsoft recommends that you also reinstall it from the Download Center. In the Download Center you will need to check boxes for updates 2992611 and 3018238. Applying these new updates will require two reboots.
- 2