Microsoft reissues fixed Schannel update

Problems with the update affected only Windows Server 2008 R2 and Windows Server 2012. The new update does not apply the new TLS ciphers by default.

Microsoft has re-released the MS14-066 update in order to address problems it caused for some users.

In addition to fixing a highly critical vulnerability in Schannel (Microsoft's implementation of SSL/TLS), MS14-066 added several new ciphers to the TLS suite. The ciphers caused severe problems for some users and Microsoft released instructions on how to remove them.

It now appears that the ciphers apply only to Windows 7, Windows Server 2008 R2, Windows 8.x, and Windows Server 2012 systems. Microsoft says that the problems were observed only on Windows Server 2008 R2 and Windows Server 2012, and only by a few users on those.

As detailed in the update KB article, a new secondary update package has been added for Windows Server 2008 R2 and Windows Server 2012. This update will appear as #3018238 in the usual distribution channels and install automatically with the security update for MS14-066. If you already have the MS14-066 update installed, it will be reoffered to make sure that the new cipher update is installed.

Microsoft has removed the new ciphers from the default cipher suite priority list in the registry. Microsoft says that the ciphers "...may be re-added to the default priority list in a future release after the community has had an opportunity to make sure of correct execution in all customer scenarios."

If you downloaded this update from the Download Center for either Windows Server 2008 R2 or Windows Server 2012 and then applied it, Microsoft recommends that you also reinstall it from the Download Center. In the Download Center you will need to check boxes for updates 2992611 and 3018238. Applying these new updates will require two reboots.

Neither removing the ciphers, adjusting their priority nor applying the new update affects the installation of the highly-critical Schannel bug fix in MS14-066.