SChannel and MS14-066

So, Microsoft rolls out a critical patch to fix a vulnerability in SChannel that could allow remote code execution. That patch also includes four new cipher suites (GCM) for TLS v1.2.

Three days later, the KB article is updated to state that some problems may exist in scenarios where TLS v1.2 is used. What?! Also, some other issues are being reported. The patch could have just fixed the vulnerability; instead it includes some new stuff that apparently is causing problems, and the fix is disabling that new stuff. Way to go!

Edit 1: Disabling the new cipher suites does solve the TLS v1.2 problem for now…

Edit 2: Meanwhile, Microsoft rolled out a secondary package that removes the troublesome cipher suites and can be installed along with the previous update.
