Microsoft warns of problems with Schannel security update

A Guy · Nov 16, 2014

Microsoft has issued a warning in the knowledge base article for the MS14-066 update released this past week. The company has provided a workaround, but is not recommending that users avoid the update or uninstall it.

The update fixed at least one critical vulnerability in Schannel, Microsoft's implementation of SSL/TLS encryption. It has widely been considered highly critical and last week we urged users to apply the update as soon as possible.

But some users who apply the update are having serious problems. The issues occur in configurations in which TLS 1.2 is enabled by default and negotiations fail. When this happens, according to Microsoft, "TLS 1.2 connections are dropped, processes hang (stop responding), or services become intermittently unresponsive." There may also be an event ID 36887 in the System event log withe description "A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40."

Source

A Guy

Borg 386 · Nov 17, 2014

Microsoft has issued a warning in the knowledge base article for the MS14-066 update released this past week. The company has provided a workaround, but is not recommending that users avoid the update or uninstall it.

The update fixed at least one critical vulnerability in Schannel, Microsoft's implementation of SSL/TLS encryption. It has widely been considered highly critical and last week we urged users to apply the update as soon as possible.

But some users who apply the update are having serious problems. The issues occur in configurations in which TLS 1.2 is enabled by default and negotiations fail. When this happens, according to Microsoft, "TLS 1.2 connections are dropped, processes hang (stop responding), or services become intermittently unresponsive." There may also be an event ID 36887 in the System event log withe description "A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40."

Microsoft warns of problems with Schannel security update | ZDNet

ThrashZone · Nov 17, 2014

Thanks for the heads up

groze · Nov 21, 2014

Do this affect users that pay bills online? Is this the out of bound update? Is it just I.E.?

Dallas 7 · Nov 23, 2014

I read it twice and I still don't understand it. They put out a harmful update and they expect all of us to download it? Why would anyone want to download a mess like that?
They're not planning an update to fix it? Am I missing something here or what?

A Guy · Nov 23, 2014

Microsoft reissues fixed Schannel update

Microsoft has re-released the MS14-066 update in order to address problems it caused for some users.

In addition to fixing a highly critical vulnerability in Schannel (Microsoft's implementation of SSL/TLS), MS14-066 added several new ciphers to the TLS suite. The ciphers caused severe problems for some users and Microsoft released instructions on how to remove them.

It now appears that the ciphers apply only to Windows 7, Windows Server 2008 R2, Windows 8.x, and Windows Server 2012 systems. Microsoft says that the problems were observed only on Windows Server 2008 R2 and Windows Server 2012, and only by a few users on those.

Source

A Guy

groze · Nov 23, 2014

A Guy said:
Microsoft reissues fixed Schannel update

Microsoft has re-released the MS14-066 update in order to address problems it caused for some users.

In addition to fixing a highly critical vulnerability in Schannel (Microsoft's implementation of SSL/TLS), MS14-066 added several new ciphers to the TLS suite. The ciphers caused severe problems for some users and Microsoft released instructions on how to remove them.

It now appears that the ciphers apply only to Windows 7, Windows Server 2008 R2, Windows 8.x, and Windows Server 2012 systems. Microsoft says that the problems were observed only on Windows Server 2008 R2 and Windows Server 2012, and only by a few users on those.

Click to expand...

Source

A Guy

A Guy,

What is not really clear, is how to install the update for the update. I am not so sure myself.

2992611-x??.msu
3018238-x??.msu

https://support.microsoft.com/kb/2992611

Plus it won't let you check them. I think if you have 2992611 you don't need to install 2992611 you just need to install 3018238. Right now I think those download are being blocked. I think this just applies to Internet explorer but I am not sure. Do you know where you can download 3018238, I have 2992611?

Another alternative you might be able to disable TLS in Internet explorer but that may not be a good idea.

A Guy · Nov 23, 2014

If you installed the update, and are on 7, you don't need to do anything. The problem did not seem to be with 7

Microsoft says that the problems were observed only on Windows Server 2008 R2 and Windows Server 2012, and only by a few users on those.

A Guy

matts6887 · Nov 23, 2014

Well; I did get a notice that there is a update for windows waiting to be installed; however; now that i see this; Im probably not going to install it because the last thing i need is to have issues where windows will hang, etc. as im sure others feel the same way. My ? is how the heck can Microsoft put out a download that can cause these issues and expect us to download and install it

groze · Nov 23, 2014

matts6887 said:
Well; I did get a notice that there is a update for windows waiting to be installed; however; now that i see this; Im probably not going to install it because the last thing i need is to have issues where windows will hang, etc. as im sure others feel the same way. My ? is how can Microsoft put out a download that can cause these issues and expect us to download and install it

matts6887

That update is different. I notice I already had 2992611 installed but don't have the 3018238 installed. The way Guy is talking, it doesn't affect windows 7 users.

If I am correct, this update should be installed.

MS14-068: Vulnerability in Kerberos could allow elevation of privilege: November 18, 2014

Phone Man · Nov 23, 2014

If your read the MS advisory it only affects Windows Server 2008 R2 or Windows Server 2012.

If you already have security update 2992611 installed, you will notice that security update 2992611 will be reoffered (for Windows Server 2008 R2 or Windows Server 2012 only) by Windows Update

This new version includes 3018238 in the package.

Jim

Dallas 7 · Nov 24, 2014

Thanks Guy. I read further down into your "source" link and it sounds like it's been handled. Some of the info was indeed confusing, but it sounds like it's taken care of now. I'm going to go ahead and download it.

Dallas 7 · Nov 28, 2014

I downloaded that update a few days ago, everything seems to be running fine.

Microsoft warns of problems with Schannel security update

Righteous Dude

My Computer

ADHD Senior Member

My Computer

R.I.P. Britton30=Gary

My Computer

Tester

My Computer

New member

My Computer

Righteous Dude

My Computer

Tester

My Computer

Righteous Dude

My Computer

computer support geek

My Computer

Tester

My Computer

Retired Bell Head

My Computer

New member

My Computer

New member

My Computer

Similar threads