Microsoft warns of problems with Schannel security update
Microsoft warns of problems with Schannel security update
Posted: 16 Nov 2014
Microsoft has issued a warning in the knowledge base article for the MS14-066 update released this past week. The company has provided a workaround, but is not recommending that users avoid the update or uninstall it.
The update fixed at least one critical vulnerability in Schannel, Microsoft's implementation of SSL/TLS encryption. It has widely been considered highly critical and last week we urged users to apply the update as soon as possible.
But some users who apply the update are having serious problems. The issues occur in configurations in which TLS 1.2 is enabled by default and negotiations fail. When this happens, according to Microsoft, "TLS 1.2 connections are dropped, processes hang (stop responding), or services become intermittently unresponsive." There may also be an event ID 36887 in the System event log withe description "A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40."
Microsoft warns of problems with Schannel security update
Microsoft has issued a warning in the knowledge base article for the MS14-066 update released this past week. The company has provided a workaround, but is not recommending that users avoid the update or uninstall it.
The update fixed at least one critical vulnerability in Schannel, Microsoft's implementation of SSL/TLS encryption. It has widely been considered highly critical and last week we urged users to apply the update as soon as possible.
But some users who apply the update are having serious problems. The issues occur in configurations in which TLS 1.2 is enabled by default and negotiations fail. When this happens, according to Microsoft, "TLS 1.2 connections are dropped, processes hang (stop responding), or services become intermittently unresponsive." There may also be an event ID 36887 in the System event log withe description "A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40."
Computer Type: PC/Desktop System Manufacturer/Model Number: Dell Hell oh Well OS: Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1, Win 10 CPU: Intel Core 2 Duo 2.93GHz Memory: Not much with my ADHD Graphics Card: ATI Radeon HD 4350 Monitor(s) Displays: 24" HDTV/Monitor Screen Resolution: Blurry after a Scotch or 2 Keyboard: Saitek Cyborg Mouse: 10 yr old MS optical mouse that still works Case: Don't get on my case...man :D Cooling: I have an Air Conditioner & Diet Pepsi Hard Drives: 1 HDD 250 GB, 1 HDD 1 TB, 3 - 1 TB Externals Internet Speed: Never fast enough Browser: Various Antivirus: Various
Computer Type: PC/Desktop System Manufacturer/Model Number: Dell All in one Inspiron 2020 OS: W10 32 bit, XUbuntu 18.xx 64 bit CPU: Intel(R) Celeron(R) CPU G1620T @ 2.40GHz, 2400 Mhz Motherboard: Dell Memory: 4GB Graphics Card: Intel HD graphics Sound Card: High Definition Audio Device Monitor(s) Displays: 20 inch Screen Screen Resolution: W7=1280 x 720 & Linux Mint Xfce=1360 x 768 Keyboard: Usb Mouse: Usb Hard Drives: 500 GB hard drive Internet Speed: High-Speed Browser: Main Browser Firefox Antivirus: MSE Other Info: I have done a clean install of Windows 7 using Dell re-installation disk (Dell sent me one). I also use Free Macrium reflect backup and restore.
I read it twice and I still don't understand it. They put out a harmful update and they expect all of us to download it? Why would anyone want to download a mess like that?
They're not planning an update to fix it? Am I missing something here or what?
Microsoft has re-released the MS14-066 update in order to address problems it caused for some users.
In addition to fixing a highly critical vulnerability in Schannel (Microsoft's implementation of SSL/TLS), MS14-066 added several new ciphers to the TLS suite. The ciphers caused severe problems for some users and Microsoft released instructions on how to remove them.
It now appears that the ciphers apply only to Windows 7, Windows Server 2008 R2, Windows 8.x, and Windows Server 2012 systems. Microsoft says that the problems were observed only on Windows Server 2008 R2 and Windows Server 2012, and only by a few users on those.
Microsoft has re-released the MS14-066 update in order to address problems it caused for some users.
In addition to fixing a highly critical vulnerability in Schannel (Microsoft's implementation of SSL/TLS), MS14-066 added several new ciphers to the TLS suite. The ciphers caused severe problems for some users and Microsoft released instructions on how to remove them.
It now appears that the ciphers apply only to Windows 7, Windows Server 2008 R2, Windows 8.x, and Windows Server 2012 systems. Microsoft says that the problems were observed only on Windows Server 2008 R2 and Windows Server 2012, and only by a few users on those.
Plus it won't let you check them. I think if you have 2992611 you don't need to install 2992611 you just need to install 3018238. Right now I think those download are being blocked. I think this just applies to Internet explorer but I am not sure. Do you know where you can download 3018238, I have 2992611?
Another alternative you might be able to disable TLS in Internet explorer but that may not be a good idea.
Computer Type: PC/Desktop System Manufacturer/Model Number: Dell All in one Inspiron 2020 OS: W10 32 bit, XUbuntu 18.xx 64 bit CPU: Intel(R) Celeron(R) CPU G1620T @ 2.40GHz, 2400 Mhz Motherboard: Dell Memory: 4GB Graphics Card: Intel HD graphics Sound Card: High Definition Audio Device Monitor(s) Displays: 20 inch Screen Screen Resolution: W7=1280 x 720 & Linux Mint Xfce=1360 x 768 Keyboard: Usb Mouse: Usb Hard Drives: 500 GB hard drive Internet Speed: High-Speed Browser: Main Browser Firefox Antivirus: MSE Other Info: I have done a clean install of Windows 7 using Dell re-installation disk (Dell sent me one). I also use Free Macrium reflect backup and restore.
Well; I did get a notice that there is a update for windows waiting to be installed; however; now that i see this; Im probably not going to install it because the last thing i need is to have issues where windows will hang, etc. as im sure others feel the same way. My ? is how the heck can Microsoft put out a download that can cause these issues and expect us to download and install it
Computer Type: PC/Desktop System Manufacturer/Model Number: custom built OS: Windows 7 ultimate 64-bit CPU: Intel I7 2600K 3.4ghz Motherboard: Asus Evo P8P67 Memory: Corsair 16gb ddr3 1600mhz Graphics Card: Nvidia Geforce gt 430 Sound Card: Sound Blaster Titanium x-fi pci express Monitor(s) Displays: Dell E198WFP Keyboard: logitech mk700 Mouse: logitech m705 PSU: Antec 1200 watt Case: Inwin Dragon Rider Cooling: 6 case supplied cooling fans Hard Drives: 1 western digital 2TB drive. Internet Speed: 25-50mbps download; 10mbps upload(i think) Browser: mozilla firefox Antivirus: avg free 2014 Other Info: Also have a pretty bad speaker setup which is a klipsch promedia 5.1 surround speaker setup with huge subwoofer and lg blu ray player/writer. Also a hp officejet pro 8600 plus wireless all in one and a logitech s7500 webcam.
Well; I did get a notice that there is a update for windows waiting to be installed; however; now that i see this; Im probably not going to install it because the last thing i need is to have issues where windows will hang, etc. as im sure others feel the same way. My ? is how can Microsoft put out a download that can cause these issues and expect us to download and install it
matts6887
That update is different. I notice I already had 2992611 installed but don't have the 3018238 installed. The way Guy is talking, it doesn't affect windows 7 users.
Computer Type: PC/Desktop System Manufacturer/Model Number: Dell All in one Inspiron 2020 OS: W10 32 bit, XUbuntu 18.xx 64 bit CPU: Intel(R) Celeron(R) CPU G1620T @ 2.40GHz, 2400 Mhz Motherboard: Dell Memory: 4GB Graphics Card: Intel HD graphics Sound Card: High Definition Audio Device Monitor(s) Displays: 20 inch Screen Screen Resolution: W7=1280 x 720 & Linux Mint Xfce=1360 x 768 Keyboard: Usb Mouse: Usb Hard Drives: 500 GB hard drive Internet Speed: High-Speed Browser: Main Browser Firefox Antivirus: MSE Other Info: I have done a clean install of Windows 7 using Dell re-installation disk (Dell sent me one). I also use Free Macrium reflect backup and restore.
Quote