Summary: By default, Internet Explorer on Windows client systems supports SSL version 3.0, the version recently found vulnerable to attack. Now there's another way to turn it off.
By Larry Seltzer for Zero Day | October 29, 2014
Image: Richard Melick at Webroot.
Microsoft has released a Fix It to disable the feature which was the subject of the POODLE attack. The Fix It, a program which implements changes in the registry, makes the process simpler than the alternatives.
POODLE is the name given to a vulnerability in SSL version 3.0 found earlier this month by a Google researcher. SSL was supplanted by TLS and the current version is 1.2, but systems may fall back to older versions if the server does not support the newer ones.
POODLE is a design flaw in SSL/TLS and so there is no patch to fix the bug. Instead, vendors are disabling support for SSL 3.0, a protocol which is old and deprecated anyway. The number of server systems which require SSL 3.0 is said to be small, but users of those servers will start having problems connecting as client systems begin to have their SSL 3.0 support removed.
Full Article
Today, we revised Security Advisory 3009008 to provide an easy, one-click Fix it for customers to disable SSL 3.0 in all supported versions of Internet Explorer (IE).
Security Advisory 3009008 revised - MSRC - Site Home - TechNet Blogs
Reply
Login to the community
No account yet? Create an account
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.