Microsoft Security Advisory Notification Issued: June 19, 2014

  • 20 June 2014
  • 5 replies
  • 1776 views

Userlevel 7
Badge +56
********************************************************************
Title: Microsoft Security Advisory Notification Issued: June 19,2014
 
********************************************************************
 
Security Advisories Updated or Released Today ===================
 
* Microsoft Security Advisory (2960358)
- Title: Update for Disabling RC4 in .NET TLS
- https://technet.microsoft.com/library/security/2960358
- Revision Note: V1.1 (June 19, 2014): Added link to Microsoft Knowledge Base Article 2978675 under Known Issues in the Executive Summary.
 
Daniel

5 replies

Userlevel 6
@ wrote:
********************************************************************
Title: Microsoft Security Advisory Notification Issued: June 19,2014
 
********************************************************************
 
Security Advisories Updated or Released Today ===================
 
* Microsoft Security Advisory (2960358)
- Title: Update for Disabling RC4 in .NET TLS
- https://technet.microsoft.com/library/security/2960358
- Revision Note: V1.1 (June 19, 2014): Added link to Microsoft Knowledge Base Article 2978675 under Known Issues in the Executive Summary.
 
Daniel
Being completely tech challenged, what does this mean for security?  What is this supposed to do for our systems?
Userlevel 7
Badge +56
Well these are release by Microsoft but we WSA users have no problem as we are protected see what it says here in the article:
 

Executive Summary

Microsoft is announcing the availability of an update for Microsoft .NET Framework that disables RC4 in Transport Layer Security (TLS) through the modification of the system registry. Use of RC4 in TLS could allow an attacker to perform man-in-the-middle attacks and recover plaintext from encrypted sessions.
 
And WSA's Identity Shield does protect us from man-in-the-middle attacks see the picture below!
 
Hope that helps,
 
Daniel ;)
 


 
Userlevel 6
From what I understood the update disables RC4-encryption for TLS as it's not secure anymore.
You would only be affected if you had a .net application which used RC4.
 
http://blogs.technet.com/b/srd/archive/2013/11/12/security-advisory-2868725-recommendation-to-disable-rc4.aspx
Userlevel 7
Badge +56
Correct and thanks for the link!
 
Cheers,
 
Daniel 😉
Userlevel 6
Also thanks for mentioning that WSA blocks MITM attacks 😉

Reply