********************************************************************
Title: Microsoft Security Advisory Notification Issued: June 19,2014
********************************************************************
Security Advisories Updated or Released Today ===================
* Microsoft Security Advisory (2960358)
- Title: Update for Disabling RC4 in .NET TLS
- https://technet.microsoft.com/library/security/2960358
- Revision Note: V1.1 (June 19, 2014): Added link to Microsoft Knowledge Base Article 2978675 under Known Issues in the Executive Summary.
Daniel
Userlevel 6
Being completely tech challenged, what does this mean for security? What is this supposed to do for our systems?@ wrote:
********************************************************************
Title: Microsoft Security Advisory Notification Issued: June 19,2014
********************************************************************
Security Advisories Updated or Released Today ===================
* Microsoft Security Advisory (2960358)
- Title: Update for Disabling RC4 in .NET TLS
- https://technet.microsoft.com/library/security/2960358
- Revision Note: V1.1 (June 19, 2014): Added link to Microsoft Knowledge Base Article 2978675 under Known Issues in the Executive Summary.
Daniel
Well these are release by Microsoft but we WSA users have no problem as we are protected see what it says here in the article:
And WSA's Identity Shield does protect us from man-in-the-middle attacks see the picture below!
Hope that helps,
Daniel ;)
Executive Summary
Microsoft is announcing the availability of an update for Microsoft .NET Framework that disables RC4 in Transport Layer Security (TLS) through the modification of the system registry. Use of RC4 in TLS could allow an attacker to perform man-in-the-middle attacks and recover plaintext from encrypted sessions.And WSA's Identity Shield does protect us from man-in-the-middle attacks see the picture below!
Hope that helps,
Daniel ;)
Userlevel 6
From what I understood the update disables RC4-encryption for TLS as it's not secure anymore.
You would only be affected if you had a .net application which used RC4.
http://blogs.technet.com/b/srd/archive/2013/11/12/security-advisory-2868725-recommendation-to-disable-rc4.aspx
You would only be affected if you had a .net application which used RC4.
http://blogs.technet.com/b/srd/archive/2013/11/12/security-advisory-2868725-recommendation-to-disable-rc4.aspx
Userlevel 6
Also thanks for mentioning that WSA blocks MITM attacks 😉
Reply
Login to the community
No account yet? Create an account
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.