Microsoft MS14-066: SChannel Security Update Fixes Vulnerability, Causes Instability - How to, Technology and PC Security Forum | SensorsTechForum.com

Microsoft MS14-066: SChannel Security Update Fixes Vulnerability, Causes Instability

Ad

SCAN YOUR PC
with SpyHunter

See if your system has been affected
Note! Your computer might been affected by and other threats.
SpyHunter is a powerful malware removal tool designed to help users with in-depth system security analysis, detection and removal of threats such as .
Keep in mind, that SpyHunter needs to purchased to remove the malware threats. Click on the corresponding links to check SpyHunter’s EULA and Privacy Policy.

MS14-066Microsoft has recently warned the PC users about certain problems with the SChannel Security Update. It was announced that the SChannel vulnerability contains new TLS ciphers that are causing the problems. The company has offered a workaround, however the users are not recommended to avoid the update or uninstall it if the problems occur.

The SChannel security update fixes at least one of the SChannel critical vulnerabilities – the SSL/TLS encryption implementation by Microsoft. This has been considered to be very critical and the users have been urged to apply the update as soon as possible.

Some users who had applied the update, however, faced some serious problems. Certain issues occurred in those configurations where TLS 1.2 is enabled by default and the negotiations have failed. The Microsoft experts say that when the TLS 1.2 connections drop, several things can happen – the processes stop responding and the services become unresponsive for a certain period. In case of those events, a system event ID 36887 could appear in the System event log stating a fatal error ‘A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.’

The MS14-066 update brings some new features as well and these are four ciphers for TLS. It seems that these four ciphers are causing the problem, thus in order to work around it, the users need to delete them. The names of the four ciphers are:

  • TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
  • TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
  • TLS_RSA_WITH_AES_256_GCM_SHA384
  • TLS_RSA_WITH_AES_128_GCM_SHA256

Still, the SChannel security update remains unclear. Microsoft has made several references to this update, other experts confirm that the update fixes one or several vulnerabilities which have been reported by users or found thanks to internal tests. In addition to that, the security bulletin is not very detailed on the vulnerability specifics.

Berta Bilbao

Berta is a dedicated malware researcher, dreaming for a more secure cyber space. Her fascination with IT security began a few years ago when a malware locked her out of her own computer.

More Posts - Website

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...