Microsoft security advisory: Update for Microsoft EAP implementation that enables the use of TLS: October 14, 2014

Koskee seuraavia: Windows Server 2012 R2 DatacenterWindows Server 2012 R2 StandardWindows Server 2012 R2 Essentials

INTRODUCTION


Microsoft has released a security advisory about this issue for IT professionals. The security advisory contains additional security-related information. To view the security advisory, go to the following Microsoft website:

More Information


The following files are available for download from the Microsoft Download Center.

For all supported x86-based versions of Windows 7

Download Download the package now.

For all supported x64-based versions of Windows 7

Download Download the package now.

For all supported x64-based versions of Windows Server 2008 R2

Download Download the package now.

For all supported IA-64-based versions of Windows Server 2008 R2

Download Download the package now.

For all supported x86-based versions of Windows 8

Download Download the package now.

For all supported x64-based versions of Windows 8

Download Download the package now.

For all supported x64-based versions of Windows Server 2012

Download Download the package now.

For all supported x86-based versions of Windows 8.1

Download Download the package now.

For all supported x64-based versions of Windows 8.1

Download Download the package now.

For all supported x64-based versions of Windows Server 2012 R2

Download Download the package now.

Release Date: October 14, 2014

For more information about how to download Microsoft support files, click the following article number to view the article in the Microsoft Knowledge Base:
119591 How to obtain Microsoft support files from online services
Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help prevent any unauthorized changes to the file.

More Information


Microsoft is announcing the availability of an update for supported editions of Windows 7, Windows Server 2008 R2, Windows 8, Windows 8.1, Windows Server 2012, Windows Server 2012 R2, and Windows RT for the Microsoft Extensible Authentication Protocol (EAP) implementation that enables the use of Transport Layer Security (TLS) 1.1 or 1.2 through the modification of the system registry. To enable TLS after you install this security update, you must add a DWORD value that is named TlsVersion to the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RasMan\PPP\EAP\13
The value of this registry key can be 0xC0, 0x300, 0xC00, or any OR'ed combination of these values if you want to support multiple TLS versions. The configuration can be done on both the EAP client and the EAP server.

Note If the EAP client and the EAP server are misconfigured so that there is no common configured TLS version, authentication will fail, and the user may lose the network connection. Therefore, we recommend that only IT Administrators apply these settings and that the settings are tested before deployment.

A user can manually configure the TLS version number if the server supports the corresponding TLS version.

Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
322756 How to back up and restore the registry in Windows

To add these registry values, follow these steps:
  1. Click Start, click Run, type regedit in the Open box, and then click OK.
  2. Locate and then click the following subkey in the registry:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RasMan\PPP\EAP\13
  3. On the Edit menu, point to New, and then click DWORD Value.
  4. Type TlsVersion for the name of the DWORD, and then press Enter.
  5. Right-click TlsVersion, and then click Modify.
  6. In the Value data box, use the following values for the various versions of TLS, and then click OK.
    TLS versionDWORD value
    TLS 1.00xC0
    TLS 1.10x300
    TLS 1.2 0xC00
    Any OR'ed combination of these values will enable the corresponding protocols. By default, TLS 1.0 is enabled. If any invalid value is configured, TLS 1.0 will be used.
  7. Exit Registry Editor, and then either restart the computer or restart the EapHost service.

FILE INFORMATION


The English (United States) version of this software update installs files that have the attributes that are listed in the following tables. The dates and times for these files are listed in Coordinated Universal Time (UTC). The dates and times for these files on your local computer are displayed in your local time and with your current daylight saving time (DST) bias. Additionally, the dates and times may change when you perform certain operations on the files.