Microsoft has recently warned the PC users about certain problems with the SChannel Security Update. It was announced that the SChannel vulnerability contains new TLS ciphers that are causing the problems. The company has offered a workaround, however the users are not recommended to avoid the update or uninstall it if the problems occur.
The SChannel security update fixes at least one of the SChannel critical vulnerabilities – the SSL/TLS encryption implementation by Microsoft. This has been considered to be very critical and the users have been urged to apply the update as soon as possible.
Some users who had applied the update, however, faced some serious problems. Certain issues occurred in those configurations where TLS 1.2 is enabled by default and the negotiations have failed. The Microsoft experts say that when the TLS 1.2 connections drop, several things can happen – the processes stop responding and the services become unresponsive for a certain period. In case of those events, a system event ID 36887 could appear in the System event log stating a fatal error ‘A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.’
The MS14-066 update brings some new features as well and these are four ciphers for TLS. It seems that these four ciphers are causing the problem, thus in order to work around it, the users need to delete them. The names of the four ciphers are:
- TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
- TLS_RSA_WITH_AES_256_GCM_SHA384
- TLS_RSA_WITH_AES_128_GCM_SHA256
Still, the SChannel security update remains unclear. Microsoft has made several references to this update, other experts confirm that the update fixes one or several vulnerabilities which have been reported by users or found thanks to internal tests. In addition to that, the security bulletin is not very detailed on the vulnerability specifics.