Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Microsoft warns of problems with Schannel security update

16 Nov 2014   #1
A Guy

Microsoft Community Contributor Award Recipient

Windows 7 Home Premium x64 SP1
 
 
Microsoft warns of problems with Schannel security update

Quote:
Microsoft has issued a warning in the knowledge base article for the MS14-066 update released this past week. The company has provided a workaround, but is not recommending that users avoid the update or uninstall it.

The update fixed at least one critical vulnerability in Schannel, Microsoft's implementation of SSL/TLS encryption. It has widely been considered highly critical and last week we urged users to apply the update as soon as possible.

But some users who apply the update are having serious problems. The issues occur in configurations in which TLS 1.2 is enabled by default and negotiations fail. When this happens, according to Microsoft, "TLS 1.2 connections are dropped, processes hang (stop responding), or services become intermittently unresponsive." There may also be an event ID 36887 in the System event log withe description "A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40."
Source

A Guy


My System SpecsSystem Spec
.
17 Nov 2014   #2
Borg 386

Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1, Win 10
 
 
Microsoft warns of problems with Schannel security update

Quote:
Microsoft has issued a warning in the knowledge base article for the MS14-066 update released this past week. The company has provided a workaround, but is not recommending that users avoid the update or uninstall it.

The update fixed at least one critical vulnerability in Schannel, Microsoft's implementation of SSL/TLS encryption. It has widely been considered highly critical and last week we urged users to apply the update as soon as possible.

But some users who apply the update are having serious problems. The issues occur in configurations in which TLS 1.2 is enabled by default and negotiations fail. When this happens, according to Microsoft, "TLS 1.2 connections are dropped, processes hang (stop responding), or services become intermittently unresponsive." There may also be an event ID 36887 in the System event log withe description "A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40."
Microsoft warns of problems with Schannel security update | ZDNet
My System SpecsSystem Spec
17 Nov 2014   #3
ThrashZone

Win-7-Pro64bit 7-H-Prem-64bit
 
 

Thanks for the heads up
My System SpecsSystem Spec
.

21 Nov 2014   #4
groze

W7 32 bit, Linux Mint Xfce 18 64 bit
 
 

Do this affect users that pay bills online? Is this the out of bound update? Is it just I.E.?
My System SpecsSystem Spec
23 Nov 2014   #5
Dallas 7

Windows 7 Pro x64
 
 

I read it twice and I still don't understand it. They put out a harmful update and they expect all of us to download it? Why would anyone want to download a mess like that?
They're not planning an update to fix it? Am I missing something here or what?
My System SpecsSystem Spec
23 Nov 2014   #6
A Guy

Microsoft Community Contributor Award Recipient

Windows 7 Home Premium x64 SP1
 
 

Microsoft reissues fixed Schannel update

Quote:
Microsoft has re-released the MS14-066 update in order to address problems it caused for some users.

In addition to fixing a highly critical vulnerability in Schannel (Microsoft's implementation of SSL/TLS), MS14-066 added several new ciphers to the TLS suite. The ciphers caused severe problems for some users and Microsoft released instructions on how to remove them.

It now appears that the ciphers apply only to Windows 7, Windows Server 2008 R2, Windows 8.x, and Windows Server 2012 systems. Microsoft says that the problems were observed only on Windows Server 2008 R2 and Windows Server 2012, and only by a few users on those.
Source

A Guy
My System SpecsSystem Spec
23 Nov 2014   #7
groze

W7 32 bit, Linux Mint Xfce 18 64 bit
 
 

Quote   Quote: Originally Posted by A Guy View Post
Microsoft reissues fixed Schannel update

Quote:
Microsoft has re-released the MS14-066 update in order to address problems it caused for some users.

In addition to fixing a highly critical vulnerability in Schannel (Microsoft's implementation of SSL/TLS), MS14-066 added several new ciphers to the TLS suite. The ciphers caused severe problems for some users and Microsoft released instructions on how to remove them.

It now appears that the ciphers apply only to Windows 7, Windows Server 2008 R2, Windows 8.x, and Windows Server 2012 systems. Microsoft says that the problems were observed only on Windows Server 2008 R2 and Windows Server 2012, and only by a few users on those.
Source

A Guy

A Guy,

What is not really clear, is how to install the update for the update. I am not so sure myself.

2992611-x??.msu
3018238-x??.msu

https://support.microsoft.com/kb/2992611

Plus it won't let you check them. I think if you have 2992611 you don't need to install 2992611 you just need to install 3018238. Right now I think those download are being blocked. I think this just applies to Internet explorer but I am not sure. Do you know where you can download 3018238, I have 2992611?


Another alternative you might be able to disable TLS in Internet explorer but that may not be a good idea.
My System SpecsSystem Spec
23 Nov 2014   #8
A Guy

Microsoft Community Contributor Award Recipient

Windows 7 Home Premium x64 SP1
 
 

If you installed the update, and are on 7, you don't need to do anything. The problem did not seem to be with 7

Quote:
Microsoft says that the problems were observed only on Windows Server 2008 R2 and Windows Server 2012, and only by a few users on those.
A Guy
My System SpecsSystem Spec
23 Nov 2014   #9
matts6887

Windows 7 ultimate 64-bit
 
 

Well; I did get a notice that there is a update for windows waiting to be installed; however; now that i see this; Im probably not going to install it because the last thing i need is to have issues where windows will hang, etc. as im sure others feel the same way. My ? is how the heck can Microsoft put out a download that can cause these issues and expect us to download and install it
My System SpecsSystem Spec
23 Nov 2014   #10
groze

W7 32 bit, Linux Mint Xfce 18 64 bit
 
 

Quote   Quote: Originally Posted by matts6887 View Post
Well; I did get a notice that there is a update for windows waiting to be installed; however; now that i see this; Im probably not going to install it because the last thing i need is to have issues where windows will hang, etc. as im sure others feel the same way. My ? is how can Microsoft put out a download that can cause these issues and expect us to download and install it
matts6887

That update is different. I notice I already had 2992611 installed but don't have the 3018238 installed. The way Guy is talking, it doesn't affect windows 7 users.

If I am correct, this update should be installed.

MS14-068: Vulnerability in Kerberos could allow elevation of privilege: November 18, 2014
My System SpecsSystem Spec
Reply

 Microsoft warns of problems with Schannel security update




Thread Tools Search this Thread
Search this Thread:

Advanced Search




Similar help and support threads
Thread Forum
Update error 8007005 with microsoft security essentials update
Today it was an attempt to update Microsoft Security Essentials. Error code 80070005. Aaaaarrrggghhh
Windows Updates & Activation
Microsoft warns against Windows XP security update hack
Source A Guy
News
IE problems (Microsoft Security affected too)
I had to post this here because nothing from the sections indicated to me where to put it instead of here: my IE started to become slow and I think my Microsoft Security Essentials is connected in some way (or it's something else, and that's connected to what's going on to these two). My IE started...
Browsers & Mail


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd

All times are GMT -5. The time now is 04:09.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App