Microsoft does it again, botches KB 2992611 SChannel patch (2024)

Microsoft does it again, botches KB 2992611 SChannel patch (1)

byWoody Leonhard


news analysis

Nov 17, 20144 mins

Patch Management SoftwareSmall and Medium BusinessSoftware Development

Last Tuesday's MS14-066 causes some servers to inexplicably hang, AWS or IIS to break, and Microsoft Access to roll over and play dead

Last week the patching world was afire with dire warnings to immediately install MS14-066/KB 2992611. That’s the SChannel patch — the one that BBC mixed up with a 19-year-old security hole, thus prompting enormous confusion, spread all over the Internet. If you followed the sky-is-falling admonitions (and ignored my entreaty to hold off for a bit), you may now be sitting in deep data do-do.

MS14-066/KB 2992611 was rolled out the automatic update chute this past Black Tuesday, Nov. 11, targeted to every Vista, Windows 7, Windows 8/8.1, and Windows Server 2003, 2008, 2008 R2, 2012, and 2012 R2 machine. What went wrong?

First, there’s the problem that Microsoft has publicly acknowledged. KB 2992611 has been updated with a warning that, in certain situations where TLS 1.2 is enabled by default:

TLS 1.2 connections are dropped, processes hang (stop responding), or services become intermittently unresponsive. You may also receive an error message that resembles the following in the System log in Event Viewer:

Log Name: System Source: Schannel Date: Date and time Event ID: 36887 Task Category: None Level: Error Keywords: User: SYSTEM Computer: ComputerName Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.

Microsoft’s workaround, which you can read in the KB article, involves deleting four Registry values, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_256_GCM_SHA384, and TLS_RSA_WITH_AES_128_GCM_SHA256.

Then there’s the problem that Microsoft hasn’t acknowledged. SQL Server guru Darren Myher puts it this way:

Security Update MS14-066 causes major performance problems in Microsoft Access/SQL Server applications… When the update is installed to a server running Microsoft SQL Server (So far, confirmed as issue with SQL Server 2008 R2, SQL Server 2012, SQL Server 2014) client applications that access the database via ODBC such as Microsoft Access clients pointing to SQL Tables encounter a major performance hit…

Our customers are reporting that this security update causes MAJOR performance problems in any Microsoft Access application with a SQL Server backend (any version). For example, a simple operation such as clicking from one line of an order to another (without performing ANY data updates) can take from 5 to 15 seconds! For users having to update hundreds of lines of orders, the application becomes nearly unusable – an activity that used to take 5 minutes could take complete.

Please, if you have not installed this update yet – DO NOT INSTALL IT to the SQL Server machine

Myher also offers a fix to the problem: Uninstall the patch.

It isn’t clear if uninstalling the patch will also fix the first problem, the TLS 1.2 hang. Microsoft didn’t talk about it, although Sandi Hardmeier on the MSMVPs forum says uninstalling KB 2992611 will restore the old, good, registry settings.

Third, there’s a report on TechNet that KB 2992611 breaks IIS sites, specifically when using Google Chrome. Poster Pascal Winter, among many others, writes:

After KB2992611 was installed via Windows Automatic Update users of our retail site on Google Chrome were not able to establish a secure connection and could not reach our secure pages to checkout/manage accounts.

The workaround offered by poster DBWYCL involves using a load balancer on the front end of the server, terminating SSL at the load balancer and re-routing back to the server over HTTP. Nothing like a secure solution to a botched security patch, eh?

There are other problems. Poster Nicholas Piasecki says that installing KB 2992611 throws internal errors 1250 and 1051 when using Firefox, Chrome, and Safari (but IE was OK). Leon McCalla on the Microsoft Connect forum says that KB 2992611 breaks ODBC access in SQL Server 2008. Mike G on the Citrix forum reports that KB 2992611 breaks XML. Cristian Satnic at OdeToData posted his experiences with https problems using IIS and Chrome. Even Amazon Web Services acknowledges the problem — but doesn’t yet have a solution.

Once again, we’re sitting here with a bad patch, almost a week after Black Tuesday, and the patch is still being offered through Automatic Update. Microsoft hasn’t pulled it, in spite of one acknowledged major problem, another that’s the talk of the SQL Server community, and a few hangers-on that may clobber your machines. Amazon raised a red flag on Wednesday. What’s wrong with Microsoft?

I wonder if we can open a tech support ticket, saying that Windows patching itself is broken? Kind of a meta-complaint.

Related content

  • newsActiveState's Python taps Intel MKL to speed data science and machine learning The MKL libraries for accelerating math operations debuted in Intel's own Python distribution, but now other Pythons are following suit By Serdar YegulalpMay 18, 20173 minsData ScienceMachine LearningOpen Source
  • newsCrateDB 2.0 Enterprise stresses security and monitoring—and open source The open source database for processing high-speed freeform data with SQL queries now has enterprise features, available as open source for faster developer uptakeBy Serdar YegulalpMay 16, 20173 minsNoSQL DatabasesTechnology IndustryDatabases
  • news analysisWaah! WannaCry shifts the blame game into high gear Every security crisis presents the opportunity to point fingers, but that's just wasted energy. The criminals are at fault—and we need to work together to stop themBy Fahmida RashidMay 16, 20177 minsSmall and Medium BusinessTechnology IndustryMalware
  • newsFaster machine learning is coming to the Linux kernel The addition of heterogenous memory management to the Linux kernel will unlock new ways to speed up GPUs, and potentially other kinds of machine learning hardwareBy Serdar YegulalpMay 15, 20173 minsTechnology IndustryMachine LearningOpen Source
  • Resources
  • Videos
Microsoft does it again, botches KB 2992611 SChannel patch (2024)


What is Schannel error? ›

Schannel is primarily used for Internet applications that require secure Hypertext Transfer Protocol (HTTP) communication. These errors indicate a problem with the cipher suite chosen, or just the fact that the two sides (client and server) cannot agree on a cipher suite to use.

What is Microsoft Schannel? ›

Schannel is a Security Support Provider (SSP) that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) Internet standard authentication protocols.

What is MS14-066? ›

MS14-066: Vulnerability in Schannel Could Allow Remote Code Execution (2992611) (uncredentialed check)

How to stop SCHANNEL errors? ›

To disable Schannel event logging:
  1. Open a command prompt.
  2. Type "regedit" and click OK. The Registry Editor opens.
  3. Locate the following key in the registry: ...
  4. Double-click EventLogging.
  5. Set the Value Data to "0", and then click OK.
  6. Close the Registry Editor.

What is SSL TLS secure channel error? ›

The "Could not create SSL/TLS secure channel" error occurs when your application fails to establish a secure connection with the web server using the SSL/TLS protocol. SSL/TLS stands for Secure Sockets Layer/Transport Layer Security, a standard protocol for encrypting and authenticating data over the internet.

Is Microsoft disabling TLS? ›

The internet standards and regulatory bodies have deprecated or disallowed TLS versions 1.0 and 1.1 due to several security issues. Starting with Windows 11 Insiders Preview and Windows Server Insiders Preview releases in 2024, they will be disabled by default.

What does a Microsoft security alert look like? ›

When Microsoft security alerts are displayed within Windows, it's typical to momentarily see a black pop-up in the lower-right corner of the screen, as shown in Figure 1. When this alert clears, it will also be listed within the Windows Action Center, as shown in Figure 2.

How do I get rid of Microsoft critical alert virus? ›

How to Get Rid of Critical Alert from Microsoft
  1. First, adjust your Windows settings. ...
  2. Next, make sure your operating system is up-to-date. ...
  3. Finally, install a reliable antivirus program on your computer. ...
  4. Pro Tip: Update your OS and security software to avoid critical alerts.

What is MS14? ›

MS14 is a natural herbal-marine drug, which has shown to slow down or halt the progression of multiple sclerosis (MS). This drug consists of 90% Penaeus latisculatus, 5% Apium graveolens, and 5% Hypericum perforatum L.

What is the MS14 057 update? ›

This security update resolves three privately reported vulnerabilities in Microsoft . NET Framework. The most severe of the vulnerabilities could allow remote code execution if an attacker sends a specially crafted URI request containing international characters to a . NET web application.

What is Cve 2017-0143 vulnerability? ›

CVE-2017-0143 is a high-severity vulnerability affecting the SMBv1 server in various versions of Microsoft Windows, including Windows Vista, Windows Server 2008, Windows 7, Windows 8.1, Windows Server 2012, Windows RT 8.1, Windows 10, and Windows Server 2016.

What does TLS error mean? ›

An SSL/TLS certificate error occurs when a web browser can't validate the HTTPS certificate installed on a website. This prevents a secure connection and triggers a browser warning. Users are advised to be cautious as the site's authenticity cannot be guaranteed. These errors can impact website trust and credibility.

How do I disable TLS 1.0 and 1.1 SCHANNEL? ›

Step 1: Navigate to "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols". Create a key named "TLS 1.1" with two DWORDs for both TLS 1.0 & 1.1: "DisabledByDefault=1" & "Enabled=0".

What is SCHANNEL error code 0x80092013? ›

The certificate received from the remote server has not validated correctly. The error code is 0x80092013. The SSL connection request has failed. The attached data contains the server certificate.

How do I troubleshoot TLS errors? ›

How to troubleshoot TLS handshake issues
  1. Method #1: Update your system's date and time.
  2. Method #2: Fix your Browser's configuration to match the Latest TLS Protocol Support.
  3. Method #3: Check and Change TLS Protocols [in Windows]
  4. Method #4: Verify Your Server Configuration [to Support SNI]
Oct 27, 2020

Top Articles
Latest Posts
Article information

Author: The Hon. Margery Christiansen

Last Updated:

Views: 5887

Rating: 5 / 5 (50 voted)

Reviews: 81% of readers found this page helpful

Author information

Name: The Hon. Margery Christiansen

Birthday: 2000-07-07

Address: 5050 Breitenberg Knoll, New Robert, MI 45409

Phone: +2556892639372

Job: Investor Mining Engineer

Hobby: Sketching, Cosplaying, Glassblowing, Genealogy, Crocheting, Archery, Skateboarding

Introduction: My name is The Hon. Margery Christiansen, I am a bright, adorable, precious, inexpensive, gorgeous, comfortable, happy person who loves writing and wants to share my knowledge and understanding with you.