Microsoft security advisory: Update for Microsoft EAP implementation that enables the use of TLS: October 14, 2014

INTRODUCTION
Microsoft has released a security advisory about this issue for IT professionals. The security advisory contains additional security-related information. To view the security advisory, go to the following Microsoft website:
More information
The following files are available for download from the Microsoft Download Center.

  • For all supported x86-based versions of Windows 7: Download the package now.
  • For all supported x64-based versions of Windows 7: Download the package now.
  • For all supported x64-based versions of Windows Server 2008 R2: Download the package now.
  • For all supported IA-64-based versions of Windows Server 2008 R2: Download the package now.
  • For all supported x86-based versions of Windows 8: Download the package now.
  • For all supported x64-based versions of Windows 8: Download the package now.
  • For all supported x64-based versions of Windows Server 2012: Download the package now.
  • For all supported x86-based versions of Windows 8.1: Download the package now.
  • For all supported x64-based versions of Windows 8.1: Download the package now.
  • For all supported x64-based versions of Windows Server 2012 R2: Download the package now.

Release Date: October 14, 2014

For more information about how to download Microsoft support files, click the following article number to view the article in the Microsoft Knowledge Base:
119591 How to obtain Microsoft support files from online services
Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help prevent any unauthorized changes to the file.
More information
Microsoft is announcing the availability of an update for supported editions of Windows 7, Windows Server 2008 R2, Windows 8, Windows 8.1, Windows Server 2012, Windows Server 2012 R2, and Windows RT for the Microsoft Extensible Authentication Protocol (EAP) implementation that enables the use of Transport Layer Security (TLS) 1.1 or 1.2 through the modification of the system registry. To enable TLS after you install this security update, you must add a DWORD value that is named TlsVersion to the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RasMan\PPP\EAP\13
The value of this registry key can be 0xC0, 0x300, 0xC00, or any OR'ed combination of these values if you want to support multiple TLS versions. The configuration can be done on both the EAP client and the EAP server.

Note If the EAP client and the EAP server are misconfigured so that there is no common configured TLS version, authentication will fail, and the user may lose the network connection. Therefore, we recommend that only IT Administrators apply these settings and that the settings are tested before deployment.

A user can manually configure the TLS version number if the server supports the corresponding TLS version.

Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
322756 How to back up and restore the registry in Windows

To add these registry values, follow these steps:
  1. Click Start, click Run, type regedit in the Open box, and then click OK.
  2. Locate and then click the following subkey in the registry:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RasMan\PPP\EAP\13
  3. On the Edit menu, point to New, and then click DWORD Value.
  4. Type TlsVersion for the name of the DWORD, and then press Enter.
  5. Right-click TlsVersion, and then click Modify.
  6. In the Value data box, use the following values for the various versions of TLS, and then click OK.
    TLS version    DWORD value
    TLS 1.0        0xC0
    TLS 1.1        0x300
    TLS 1.2        0xC00
    Any OR'ed combination of these values will enable the corresponding protocols. By default, TLS 1.0 is enabled. If any invalid value is configured, TLS 1.0 will be used.
  7. Exit Registry Editor, and then either restart the computer or restart the EapHost service.
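
The registry procedure above as a script, added here as an example rather than taken from Microsoft's article: it decodes a TlsVersion value, checks a client/server pair for a shared version, and writes the value and restarts EapHost. The function names are hypothetical, and treating any value that is not an exact OR of 0xC0, 0x300 and 0xC00 as invalid is an assumption.

```powershell
# Added example. Key path, value name and bit values come from this article;
# the function names are hypothetical.
$EapTlsKey = 'HKLM:\SYSTEM\CurrentControlSet\services\RasMan\PPP\EAP\13'
$TlsBits   = [ordered]@{ 'TLS 1.0' = 0xC0; 'TLS 1.1' = 0x300; 'TLS 1.2' = 0xC00 }

function ConvertFrom-EapTlsVersion {
    # Decode a TlsVersion DWORD into the protocol names it enables.
    param([Nullable[int]]$Value)
    $names = @(); $mask = 0
    foreach ($name in $TlsBits.Keys) {
        $bits = $TlsBits[$name]
        if ($null -ne $Value -and ($Value -band $bits) -eq $bits) {
            $names += $name; $mask = $mask -bor $bits
        }
    }
    # Absent (default) and invalid values both mean TLS 1.0, per the article.
    # Assumption: "invalid" is anything that is not an exact OR of the three values.
    if ($names.Count -eq 0 -or $mask -ne $Value) { return @('TLS 1.0') }
    return $names
}

function Test-EapTlsOverlap {
    # True when client and server share at least one TLS version; with no
    # common version the article says authentication fails.
    param([Nullable[int]]$Client, [Nullable[int]]$Server)
    $serverSet = @(ConvertFrom-EapTlsVersion $Server)
    $common = @(ConvertFrom-EapTlsVersion $Client | Where-Object { $serverSet -contains $_ })
    return $common.Count -gt 0
}

function Set-EapTlsVersion {
    # Steps 2-7: create or overwrite TlsVersion, then restart EapHost.
    param([Parameter(Mandatory)][ValidateSet('TLS 1.0', 'TLS 1.1', 'TLS 1.2')][string[]]$Versions)
    $value = 0
    foreach ($v in $Versions) { $value = $value -bor $TlsBits[$v] }
    New-ItemProperty -Path $EapTlsKey -Name TlsVersion -PropertyType DWord -Value $value -Force | Out-Null
    # -Force also restarts services that depend on EapHost, if any are running.
    Restart-Service -Name EapHost -Force
    return $value
}

# Decode what this machine is configured with right now.
$current = (Get-ItemProperty -Path $EapTlsKey -Name TlsVersion -ErrorAction SilentlyContinue).TlsVersion
ConvertFrom-EapTlsVersion $current

# Constructed pair: a TLS 1.2-only client against a TLS 1.1-only server.
Test-EapTlsOverlap -Client 0xC00 -Server 0x300

# Apply from an elevated session after testing both ends:
# Set-EapTlsVersion -Versions 'TLS 1.1', 'TLS 1.2'
```

Run the overlap check against the values planned for both the EAP client and the EAP server before writing either one.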
FILE INFORMATION
The English (United States) version of this software update installs files that have the attributes that are listed in the following tables. The dates and times for these files are listed in Coordinated Universal Time (UTC). The dates and times for these files on your local computer are displayed in your local time and with your current daylight saving time (DST) bias. Additionally, the dates and times may change when you perform certain operations on the files.

Windows 7 and Windows Server 2008 R2 file information

  • The files that apply to a specific product, milestone (RTM, SPn), and service branch (LDR, GDR) can be identified by examining the file version numbers as shown in the following table:
    Version           Product                                 Milestone  Service branch
    6.1.7601.18xxx    Windows 7 and Windows Server 2008 R2    SP1        GDR
    6.1.7601.22xxx    Windows 7 and Windows Server 2008 R2    SP1        LDR
  • GDR service branches contain only those fixes that are widely released to address widespread, critical issues. LDR service branches contain hotfixes in addition to widely released fixes.
Note The MANIFEST files (.manifest) and MUM files (.mum) that are installed are not listed.

For all supported x86-based versions of Windows 7

File name      File version     File size  Date         Time   Platform
Rastls.dll     6.1.7601.18584   372,736    04-Sep-2014  05:04  x86
Rastls.dll     6.1.7601.22792   373,248    04-Sep-2014  05:06  x86

For all supported x64-based versions of Windows 7 and Windows Server 2008 R2

File name      File version     File size  Date         Time   Platform
Rastls.dll     6.1.7601.18584   424,448    04-Sep-2014  05:23  x64
Rastls.dll     6.1.7601.22792   425,472    04-Sep-2014  10:23  x64
Rastls.dll     6.1.7601.18584   372,736    04-Sep-2014  05:04  x86
Rastls.dll     6.1.7601.22792   373,248    04-Sep-2014  05:06  x86

For all supported IA-64-based versions of Windows Server 2008 R2

File name      File version     File size  Date         Time   Platform
Rastls.dll     6.1.7601.18584   757,760    04-Sep-2014  04:34  IA-64
Rastls.dll     6.1.7601.22792   759,296    04-Sep-2014  04:46  IA-64
Rastls.dll     6.1.7601.18584   372,736    04-Sep-2014  05:04  x86
Rastls.dll     6.1.7601.22792   373,248    04-Sep-2014  05:06  x86

Windows 8 and Windows Server 2012 file information

  • The files that apply to a specific product, milestone (RTM, SPn), and service branch (LDR, GDR) can be identified by examining the file version numbers as shown in the following table:
    Version           Product                              Milestone  Service branch
    6.2.9200.16xxx    Windows 8 and Windows Server 2012    RTM        GDR
    6.2.9200.20xxx    Windows 8 and Windows Server 2012    RTM        LDR
  • GDR service branches contain only those fixes that are widely released to address widespread, critical issues. LDR service branches contain hotfixes in addition to widely released fixes.
Note The MANIFEST files (.manifest) and MUM files (.mum) that are installed are not listed.

For all supported x86-based versions of Windows 8

File name      File version     File size  Date         Time   Platform
Rastls.dll     6.2.9200.17103   510,464    03-Sep-2014  02:48  x86
Rastls.dll     6.2.9200.21219   510,464    03-Sep-2014  02:34  x86

For all supported x64-based versions of Windows 8 and Windows Server 2012

File name      File version     File size  Date         Time   Platform
Rastls.dll     6.2.9200.17103   585,728    03-Sep-2014  02:21  x64
Rastls.dll     6.2.9200.21219   585,728    03-Sep-2014  02:37  x64
Rastls.dll     6.2.9200.17103   510,464    03-Sep-2014  02:48  x86
Rastls.dll     6.2.9200.21219   510,464    03-Sep-2014  02:34  x86

Windows 8.1 and Windows Server 2012 R2 file information

For all supported x86-based versions of Windows 8.1

File name      File version     File size  Date         Time   Platform
Rastls.dll     6.3.9600.17334   514,048    04-Sep-2014  00:01  x86
Rastlsext.dll  6.3.9600.16384   10,752     22-Aug-2013  02:45  x86

For all supported x64-based versions of Windows 8.1 and Windows Server 2012 R2

File name      File version     File size  Date         Time   Platform
Rastls.dll     6.3.9600.17334   590,336    04-Sep-2014  00:12  x64
Rastlsext.dll  6.3.9600.16384   12,288     22-Aug-2013  09:51  x64
Rastls.dll     6.3.9600.17334   514,048    04-Sep-2014  00:01  x86
Rastlsext.dll  6.3.9600.16384   10,752     22-Aug-2013  02:45  x86

File hash information

Properties

Article ID: 2977292 - Last Review: 04/06/2015 21:26:00 - Revision: 2.0

Windows Server 2012 R2 Datacenter, Windows Server 2012 R2 Standard, Windows Server 2012 R2 Essentials, Windows Server 2012 R2 Foundation, Windows 8.1 Enterprise, Windows 8.1 Pro, Windows 8.1, Windows RT 8.1, Windows Server 2012 Datacenter, Windows Server 2012 Standard, Windows Server 2012 Essentials, Windows Server 2012 Foundation, Windows 8 Enterprise, Windows 8 Pro, Windows 8, Windows RT, Windows Server 2008 R2 Service Pack 1, Windows 7 Service Pack 1
