Executive Summary

Summary
Title Microsoft Security Advisory 3042058
Informations
Name KB3042058 First vendor Publication 2015-05-12
Vendor Microsoft Last vendor Modification 2015-10-13
Severity (Vendor) N/A Revision 1.0

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score Not Defined Attack Range Not Defined
Cvss Impact Score Not Defined Attack Complexity Not Defined
Cvss Expoit Score Not Defined Authentication Not Defined
Calculate full CVSS 2.0 Vectors scores

Detail

Microsoft Security Advisory 3042058

Update to Default Cipher Suite Priority Order

Published: May 12, 2015 | Updated: October 13, 2015

Version: 1.1

Executive Summary

On May 12, 2015, Microsoft announced the availability of an update to cryptographic cipher suite prioritization in Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 8.1, and Windows Server 2012 R2. The update added additional cipher suites to the default list on affected systems and improved cipher suite priority ordering. The improvements were in keeping with ongoing efforts to bolster the effectiveness of encryption in Windows operating systems.

Microsoft initially offered the update via the Microsoft Download Center (DLC) only in order to give customers the opportunity to test the new features before making them a default part of their environments.

With the October 13, 2015 revision of this advisory, Microsoft is announcing that in addition to the DLC option, the 3042058 update is now also available via Microsoft Update (MU) and Windows Server Update Services (WSUS).

For additional details and deployment guidance, see Microsoft Knowledge Base Article 3042058.

Affected Software

Operating System

Windows 7 for 32-bit Systems Service Pack 1

Windows 7 for x64-based Systems Service Pack 1

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 R2 for Itanium-based Systems Service Pack 1

Windows 8 for 32-bit Systems

Windows 8 for x64-based Systems

Windows Server 2012

Windows 8.1 for 32-bit Systems

Windows 8.1 for x64-based Systems

Windows Server 2012 R2

Server Core installation option

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Windows Server 2012 (Server Core installation)

Windows Server 2012 R2 (Server Core installation)

Advisory FAQ

What is the scope of the advisory?
The purpose of this advisory is to notify customers of an available update that is part of Microsofts ongoing efforts to bolster the effectiveness of security controls in Windows.

What does the update do?
The update adds the following cryptographic cipher suites to the default list in all affected operating systems and includes improvements to the cipher suite priority ordering.

Cipher Suites Added by the Update

TLS_DHE_RSA_WITH_AES_256_GCM_SHA384

TLS_DHE_RSA_WITH_AES_128_GCM_SHA256

TLS_RSA_WITH_AES_256_GCM_SHA384

TLS_RSA_WITH_AES_128_GCM_SHA256

What do these cipher suites do?
The cipher suites add support for Perfect Forward Secrecy (PFS). While providing enhanced security, PFS could have a noticeable effect on system performance in some scenarios due to its higher computing requirements. For more information, see Microsoft Knowledge Base Article 3042058.

What internal testing should be done with respect to this update?
Any applications, including Internet Explorer, IIS, SQL Server, or Exchange Server, that use Schannel to implement or negotiate SSL/TLS connections should be tested thoroughly. Especially scenarios where a large number of simultaneous connections are made, such as with web or database servers that host many users, or edge servers that handle many secure connections and forward them to internal servers. All existing SSL/TLS applications should behave as expected. Note that although the new cipher suites are more secure, they are likely to be more resource intensive. Therefore, customers should test for an increase in resource consumption when the number of SSL/TLS connections scales up (in both server and client scenarios).

Other Information

Feedback

  • You can provide feedback by completing the Microsoft Help and Support form, Customer Service Contact Us.

Support

  • Customers in the United States and Canada can receive technical support from Security Support. For more information, see Microsoft Help and Support.
  • International customers can receive support from their local Microsoft subsidiaries. For more information, see International Support.
  • Microsoft TechNet Security provides additional information about security in Microsoft products.

Disclaimer

The information provided in this advisory is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

Revisions

  • V1.0 (May 12, 2015): Advisory published.
  • V1.1 (October 13, 2015): Advisory revised to announce that the Default Cipher Suite Prioritization update (3042058), originally released May 12, 2015 via the Microsoft Download Center (DLC) only, is now also available via Microsoft Update (MU) and Windows Server Update Services (WSUS). This is an update offering venue change only. There were no changes to the update files. Customers who have already successfully installed the update do not need to take any action.

Page generated 2015-10-07 11:07-07:00.

Original Source

Url : http://www.microsoft.com/technet/security/advisory/3042058.mspx

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2016-04-09 13:20:55
  • First insertion