cancel
Showing results for 
Search instead for 
Did you mean: 

Microsoft Security Advisory Notification Issued: June 19, 2014

Highlighted
Gold VIP
Microsoft Windows
Webroot

Microsoft Security Advisory Notification Issued: June 19, 2014

********************************************************************

Title: Microsoft Security Advisory Notification Issued: June 19,2014

 

********************************************************************

 

Security Advisories Updated or Released Today ===================

 

* Microsoft Security Advisory (2960358)

- Title: Update for Disabling RC4 in .NET TLS

- https://technet.microsoft.com/library/security/2960358

- Revision Note: V1.1 (June 19, 2014): Added link to Microsoft Knowledge Base Article 2978675 under Known Issues in the Executive Summary.

 

Daniel

 


Gold.gif EPA.gif  ambassadorsig.png


2016-07-18_12-11-32.png  Microsoft® Windows Insider MVP - Windows Security  beta_tester_transparent.png

5 REPLIES
Community Guide

Re: Microsoft Security Advisory Notification Issued: June 19, 2014


TripleHelix wrote:

********************************************************************

Title: Microsoft Security Advisory Notification Issued: June 19,2014

 

********************************************************************

 

Security Advisories Updated or Released Today ===================

 

* Microsoft Security Advisory (2960358)

- Title: Update for Disabling RC4 in .NET TLS

- https://technet.microsoft.com/library/security/2960358

- Revision Note: V1.1 (June 19, 2014): Added link to Microsoft Knowledge Base Article 2978675 under Known Issues in the Executive Summary.

 

Daniel


Being completely tech challenged, what does this mean for security?  What is this supposed to do for our systems?

Community Guide

Gold VIP
Microsoft Windows
Webroot

Re: Microsoft Security Advisory Notification Issued: June 19, 2014

Well these are release by Microsoft but we WSA users have no problem as we are protected see what it says here in the article:

 

Executive Summary

Microsoft is announcing the availability of an update for Microsoft .NET Framework that disables RC4 in Transport Layer Security (TLS) through the modification of the system registry. Use of RC4 in TLS could allow an attacker to perform man-in-the-middle attacks and recover plaintext from encrypted sessions.

 

And WSA's Identity Shield does protect us from man-in-the-middle attacks see the picture below!

 

Hope that helps,

 

Daniel Smiley Wink

 

2014-05-07_14-37-48.png

 

 


Gold.gif EPA.gif  ambassadorsig.png


2016-07-18_12-11-32.png  Microsoft® Windows Insider MVP - Windows Security  beta_tester_transparent.png

Community Guide

Re: Microsoft Security Advisory Notification Issued: June 19, 2014

From what I understood the update disables RC4-encryption for TLS as it's not secure anymore.

You would only be affected if you had a .net application which used RC4.

 

http://blogs.technet.com/b/srd/archive/2013/11/12/security-advisory-2868725-recommendation-to-disabl...

Community Guide



-Webroot Endpoint Protection user-
Gold VIP
Microsoft Windows
Webroot

Re: Microsoft Security Advisory Notification Issued: June 19, 2014

Correct and thanks for the link!

 

Cheers,

 

Daniel Smiley Wink

 


Gold.gif EPA.gif  ambassadorsig.png


2016-07-18_12-11-32.png  Microsoft® Windows Insider MVP - Windows Security  beta_tester_transparent.png

Community Guide

Re: Microsoft Security Advisory Notification Issued: June 19, 2014

Also thanks for mentioning that WSA blocks MITM attacks Smiley Wink

Community Guide



-Webroot Endpoint Protection user-