Symptoms
After you install the update that corresponds to Microsoft Security Advisory 2960358 for the .NET Framework, Internet Explorer hosted applications that have managed controls and No-Touch deployment applications may not start correctly. This behavior may only occur on Internet Explorer 9, and not on Internet Explorer 10 or Internet Explorer 11.
Cause
Microsoft Security Advisory 2960358 for the .NET Framework disables the RC4 cipher in Transport Layer Security (TLS), and updates the default from TLS 1.0 to the more secure TLS1.2 protocol. Installing the security update in some cases may result in a failure to establish a connection in order to prevent an attacker to perform man-in-the-middle attacks and recover plaintext from encrypted sessions.
Workaround
2960358, customers should test this update for disabling RC4 before implementation in their environments. Although most applications will not be affected by this change, if an Internet Explorer-hosted managed application no longer works correctly, consider the following options:
As recommended in Security Advisory-
Disable RC4 on the computer. For more information about how to do this, click the following article number to view the article in the Microsoft Knowledge Base:
245030 How to restrict the use of certain cryptographic algorithms and protocols in Schannel.dll The registry key setting can be found here: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 <suite> "Enabled"=dword:0
Affected products
The information in this article applies to:
-
Microsoft .NET Framework 2.0 SP2
-
Microsoft .NET Framework 3.5
-
Microsoft .NET Framework 3.5.1
-
Microsoft .NET Framework 4
-
Microsoft .NET Framework 4.5
-
Microsoft .NET Framework 4.5.1
-
Microsoft .NET Framework 4.5.2