Microsoft security advisory: Update for Microsoft EAP implementation that enables the use of TLS: October 14, 2014

INTRODUCTION

Microsoft has released a security advisory about this issue for IT professionals. The security advisory contains additional security-related information. To view the security advisory, go to the following Microsoft website:

https://technet.microsoft.com/security/advisory/2977292

More Information

The following files are available for download from the Microsoft Download Center.

For all supported x86-based versions of Windows 7

Download Download the package now.

For all supported x64-based versions of Windows 7

Download Download the package now.

For all supported x64-based versions of Windows Server 2008 R2

Download Download the package now.

For all supported IA-64-based versions of Windows Server 2008 R2

Download Download the package now.

For all supported x86-based versions of Windows 8

Download Download the package now.

For all supported x64-based versions of Windows 8

Download Download the package now.

For all supported x64-based versions of Windows Server 2012

Download Download the package now.

For all supported x86-based versions of Windows 8.1

Download Download the package now.

For all supported x64-based versions of Windows 8.1

Download Download the package now.

For all supported x64-based versions of Windows Server 2012 R2

Download Download the package now.

Release Date: October 14, 2014

For more information about how to download Microsoft support files, click the following article number to view the article in the Microsoft Knowledge Base:

119591 How to obtain Microsoft support files from online servicesMicrosoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help prevent any unauthorized changes to the file.

More Information

Microsoft is announcing the availability of an update for supported editions of Windows 7, Windows Server 2008 R2, Windows 8, Windows 8.1, Windows Server 2012, Windows Server 2012 R2, and Windows RT for the Microsoft Extensible Authentication Protocol (EAP) implementation that enables the use of Transport Layer Security (TLS) 1.1 or 1.2 through the modification of the system registry. To enable TLS after you install this security update, you must add a DWORD value that is named TlsVersion to the following registry subkey:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RasMan\PPP\EAP\13
The value of this registry key can be 0xC0, 0x300, 0xC00, or any OR'ed combination of these values if you want to support multiple TLS versions. The configuration can be done on both the EAP client and the EAP server.

Note If the EAP client and the EAP server are misconfigured so that there is no common configured TLS version, authentication will fail, and the user may lose the network connection. Therefore, we recommend that only IT Administrators apply these settings and that the settings are tested before deployment.

A user can manually configure the TLS version number if the server supports the corresponding TLS version.

Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:

322756How to back up and restore the registry in Windows
To add these registry values, follow these steps:

  1. Click Start, click Run, type regedit in the Open box, and then click OK.

  2. Locate and then click the following subkey in the registry:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RasMan\PPP\EAP\13

  3. On the Edit menu, point to New, and then click DWORD Value.

  4. Type TlsVersion for the name of the DWORD, and then press Enter.

  5. Right-click TlsVersion, and then click Modify.

  6. In the Value data box, use the following values for the various versions of TLS, and then click OK.

    TLS version

    DWORD value

    TLS 1.0

    0xC0

    TLS 1.1

    0x300

    TLS 1.2

    0xC00

    Any OR'ed combination of these values will enable the corresponding protocols. By default, TLS 1.0 is enabled. If any invalid value is configured, TLS 1.0 will be used.

  7. Exit Registry Editor, and then either restart the computer or restart the EapHost service.

FILE INFORMATION

The English (United States) version of this software update installs files that have the attributes that are listed in the following tables. The dates and times for these files are listed in Coordinated Universal Time (UTC). The dates and times for these files on your local computer are displayed in your local time and with your current daylight saving time (DST) bias. Additionally, the dates and times may change when you perform certain operations on the files.




  • The files that apply to a specific product, milestone (RTM, SPn), and service branch (LDR, GDR) can be identified by examining the file version numbers as shown in the following table:

    Version

    Product

    Milestone

    Service branch

    6.1.7601.18xxx

    Windows 7 and Windows Server 2008 R2

    SP1

    GDR

    6.1.7601.22xxx

    Windows 7 and Windows Server 2008 R2

    SP1

    LDR

  • GDR service branches contain only those fixes that are widely released to address widespread, critical issues. LDR service branches contain hotfixes in addition to widely released fixes.

Note The MANIFEST files (.manifest) and MUM files (.mum) that are installed are not listed.

For all supported x86-based versions of Windows 7

File name

File version

File size

Date

Time

Platform

Rastls.dll

6.1.7601.18584

372,736

04-Sep-2014

05:04

x86

Rastls.dll

6.1.7601.22792

373,248

04-Sep-2014

05:06

x86

For all supported x64-based versions of Windows 7 and Windows Server 2008 R2

File name

File version

File size

Date

Time

Platform

Rastls.dll

6.1.7601.18584

424,448

04-Sep-2014

05:23

x64

Rastls.dll

6.1.7601.22792

425,472

04-Sep-2014

10:23

x64

Rastls.dll

6.1.7601.18584

372,736

04-Sep-2014

05:04

x86

Rastls.dll

6.1.7601.22792

373,248

04-Sep-2014

05:06

x86

For all supported IA-64-based versions of Windows Server 2008 R2

File name

File version

File size

Date

Time

Platform

Rastls.dll

6.1.7601.18584

757,760

04-Sep-2014

04:34

IA-64

Rastls.dll

6.1.7601.22792

759,296

04-Sep-2014

04:46

IA-64

Rastls.dll

6.1.7601.18584

372,736

04-Sep-2014

05:04

x86

Rastls.dll

6.1.7601.22792

373,248

04-Sep-2014

05:06

x86


  • The files that apply to a specific product, milestone (RTM,SPn), and service branch (LDR, GDR) can be identified by examining the file version numbers as shown in the following table:

    Version

    Product

    Milestone

    Service branch

    6.2.920 0.16 xxx

    Windows 8 and Windows Server 2012

    RTM

    GDR

    6.2.920 0.20 xxx

    Windows 8 and Windows Server 2012

    RTM

    LDR

  • GDR service branches contain only those fixes that are widely released to address widespread, critical issues. LDR service branches contain hotfixes in addition to widely released fixes.

Note The MANIFEST files (.manifest) and MUM files (.mum) that are installed are not listed.

For all supported x86-based versions of Windows 8

File name

File version

File size

Date

Time

Platform

Rastls.dll

6.2.9200.17103

510,464

03-Sep-2014

02:48

x86

Rastls.dll

6.2.9200.21219

510,464

03-Sep-2014

02:34

x86

For all supported x64-based versions of Windows 8 and Windows Server 2012

File name

File version

File size

Date

Time

Platform

Rastls.dll

6.2.9200.17103

585,728

03-Sep-2014

02:21

x64

Rastls.dll

6.2.9200.21219

585,728

03-Sep-2014

02:37

x64

Rastls.dll

6.2.9200.17103

510,464

03-Sep-2014

02:48

x86

Rastls.dll

6.2.9200.21219

510,464

03-Sep-2014

02:34

x86


For all supported x86-based versions of Windows 8.1

File name

File version

File size

Date

Time

Platform

Rastls.dll

6.3.9600.17334

514,048

04-Sep-2014

00:01

x86

Rastlsext.dll

6.3.9600.16384

10,752

22-Aug-2013

02:45

x86

For all supported x64-based versions of Windows 8.1 and Windows Server 2012 R2

File name

File version

File size

Date

Time

Platform

Rastls.dll

6.3.9600.17334

590,336

04-Sep-2014

00:12

x64

Rastlsext.dll

6.3.9600.16384

12,288

22-Aug-2013

09:51

x64

Rastls.dll

6.3.9600.17334

514,048

04-Sep-2014

00:01

x86

Rastlsext.dll

6.3.9600.16384

10,752

22-Aug-2013

02:45

x86


File name

SHA1 hash

SHA256 hash

Windows6.1-KB2977292-ia64.msu

AFA7BC6007D7B5BFDD2AE40E4570E75605D5769A

DC344FB99D0CEA7DA0945B5930DBEA20A28C41CC6FDABADA7B58AC488E592694

Windows6.1-KB2977292-x64.msu

4214853D16C5420C290376668634E4346F64FDB4

63DEA65AC1C13EAC3AAFF13862C3CEDAC7A1CD2B23C65F848A6899A4317AA9A0

Windows6.1-KB2977292-x86.msu

04CF6AA80A03E28472A0F2AC036F4976A1B535B8

97130841ADBA0FFCB6DE3260644A213CE9846D35D08EBBFA82222A8FFA591CDB

Windows8-RT-KB2977292-x64.msu

263EE2767391A088B8FC2AEB44AD5228033778D6

DEDCB2D0D43B99BF30AD8D35AC4A5F0FB48E06AC11289E908DFCB75B3E8E4BC5

Windows8-RT-KB2977292-x86.msu

4774D5A1BD31A9C2D11A808DD4E65D96F5F66EAE

BE17B9CFEAACDEA00AAD5930939B008896C22ED4CAF7AC2D6C36C99986B8FF8C

Windows8.1-KB2977292-x64.msu

122BAC451DC8445F26E811533F5361BF19E1593C

52263FCA10C3900C692500F7B90DEDF099092365FE58EA0DE5B61E2229E8935C

Windows8.1-KB2977292-x86.msu

41AF4A02ED1B7F85B527CB841CE06ADE6C94F611

D34A173AEFFD4B1B740BEEB0DCDEDCB00C4C716763FFC1EFDA0D1EA5FB86DCE9


Need more help?

Expand your skills
Explore Training
Get new features first
Join Microsoft Insiders

Was this information helpful?

Thank you for your feedback!

Thank you for your feedback! It sounds like it might be helpful to connect you to one of our Office support agents.

×