Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Microsoft fixes critical crypto flaw, strengthens encryption for older systems

Lucian Constantin | Nov. 13, 2014
A vulnerability in the Microsoft SChannel component could expose servers to remote code execution attacks.

Before this new update, the GCM cipher suites with PFS were previously only available on Windows 8.1 and Windows Server 2012 R2.

"While this enhanced data protection is already included for those running the latest platform, the reality is that many of our customers have not yet upgraded their platforms or are in the process," said Matt Thomlinson, vice president for Microsoft Security, in a blog post. "Through a comprehensive engineering effort and extensive testing, we are now also able to offer best-in-class encryption to our customers running older versions of our platforms."

However, it's not all older versions, but only Windows 7, Windows 8, Windows Server 2008 R2 and Windows Server 2012. Although the MS14-066 security patch (KB2992611) is available for Windows Vista and Windows Server 2003 as well, those platforms were not among those enumerated by Thomlinson as also getting the new ciphers.

 

Previous Page  1  2 

Sign up for Computerworld eNewsletters.