MS15-031: Vulnerability in SChannel could allow security feature bypass: March 10, 2015

Applies to: Windows Server 2012 R2 Datacenter, Windows Server 2012 R2 Standard, Windows Server 2012 R2 Essentials

Summary


This security update resolves a vulnerability in Microsoft Windows that facilitates exploitation of the publicly disclosed FREAK technique, an industry-wide issue that is not specific to Windows operating systems. This vulnerability could allow a man-in-the-middle (MiTM) attacker to force the key length of an RSA key to be downgraded to EXPORT-grade length in a TLS connection. Any Windows system that uses Schannel to connect to a remote TLS server by using an insecure cipher suite is affected.
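The check a TLS client needs against this downgrade, as an added example (not Microsoft's code and not part of the original bulletin): when a non-export RSA suite is negotiated, a ServerKeyExchange carrying a temporary RSA key must be rejected. The function names, the suite lists and the sample bytes are constructed for illustration, and the message layout assumed is that of RFC 2246.

```python
import struct

RSA_EXPORT = {0x0003, 0x0006, 0x0008}          # TLS_RSA_EXPORT_* suites (RFC 2246)
RSA_PLAIN = {0x0004, 0x0005, 0x000A, 0x002F, 0x0035}  # TLS_RSA_WITH_* suites
SERVER_HELLO, SERVER_KEY_EXCHANGE = 2, 12      # handshake message types


def handshake_messages(flight):
    """Yield (type, body) for each message: type(1) + length(3) + body."""
    pos = 0
    while pos < len(flight):
        length = int.from_bytes(flight[pos + 1:pos + 4], "big")
        body = flight[pos + 4:pos + 4 + length]
        if pos + 4 > len(flight) or len(body) != length:
            raise ValueError("truncated handshake message")
        yield flight[pos], body
        pos += 4 + length


def audit_server_flight(offered, flight):
    """Return findings for the server's handshake flight as the client saw it."""
    findings, suite = [], None
    for mtype, body in handshake_messages(flight):
        if mtype == SERVER_HELLO:
            if len(body) < 35 or len(body) < 37 + body[34]:
                raise ValueError("short ServerHello")
            # Skip version(2), random(32) and the session id to reach the suite.
            (suite,) = struct.unpack_from(">H", body, 35 + body[34])
            if suite not in offered:
                findings.append("suite 0x%04X was not offered" % suite)
            if suite in RSA_EXPORT:
                findings.append("export suite 0x%04X negotiated" % suite)
        elif mtype == SERVER_KEY_EXCHANGE and suite in RSA_PLAIN:
            # Plain RSA key exchange never carries a ServerKeyExchange; here it
            # would hold a temporary RSA key: modulus<2-byte len>, exponent, sig.
            (mod_len,) = struct.unpack_from(">H", body, 0)
            bits = int.from_bytes(body[2:2 + mod_len], "big").bit_length()
            findings.append("unexpected %d-bit temporary RSA key" % bits)
    return findings


def msg(mtype, body):
    return bytes([mtype]) + len(body).to_bytes(3, "big") + body


# Constructed sample: ServerHello selecting 0x002F, then a 512-bit temporary key.
HELLO = msg(2, b"\x03\x01" + bytes(32) + b"\x00" + b"\x00\x2f" + b"\x00")
TEMP_KEY = msg(12, b"\x00\x40" + b"\xc3" + b"\x11" * 63 + b"\x00\x03\x01\x00\x01")
CERT_ONLY = HELLO + msg(11, b"") + msg(14, b"")   # certificate body elided
```

A non-empty result means the handshake should be aborted; the input is the concatenated handshake messages after TLS record framing has been removed.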

Introduction


Microsoft has released security bulletin MS15-031. To learn more about this security bulletin:

How to obtain help and support for this security update

Help installing updates:
Support for Microsoft Update

Security solutions for IT professionals:
TechNet Security Troubleshooting and Support

Help protect your Windows-based computer from viruses and malware:
Virus Solution and Security Center

Local support according to your country:
International Support

More Information


Known issues with this security update

  • If you applied the workaround that was documented in Microsoft Security Advisory 3046015, some internet services may no longer work. To avoid this issue, undo the workaround before you install this security update. To undo the workaround, follow these steps: 
    1. Start the Group Policy Object Editor. To do this, type gpedit.msc at a command prompt, and then press Enter.
    2. Expand Computer Configuration, Administrative Templates, Network, and then click SSL Configuration Settings.
    3. Under SSL Configuration Settings, double-click SSL Cipher Suite Order.
    4. In the SSL Cipher Suite Order window, select Disabled, and then click OK.
    5. Close the Group Policy Object Editor, and then restart your computer.

File information


The English (United States) version of this software update installs files that have the attributes that are listed in the following tables. The dates and times for these files are listed in Coordinated Universal Time (UTC). The dates and times for these files on your local computer are displayed in your local time and with your current daylight saving time (DST) bias. Additionally, the dates and times may change when you perform certain operations on the files.