Microsoft KB Archive Search

Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

  1. Home
  2. Internet Explorer-hosted applications that have managed controls and No Touch deployment may not work correctly after you install security update 2960358

Internet Explorer-hosted applications that have managed controls and No Touch deployment may not work correctly after you install security update 2960358

Symptoms

After you install the update that corresponds to Microsoft Security Advisory 2960358 for the .NET Framework, Internet Explorer hosted applications that have managed controls and No-Touch deployment applications may not start correctly. This behavior may only occur on Internet Explorer 9, and not on Internet Explorer 10 or Internet Explorer 11. 

↑ Back to the top

Cause

Microsoft Security Advisory 2960358 for the .NET Framework disables the RC4 cipher in Transport Layer Security (TLS), and updates the default from TLS 1.0 to the more secure TLS1.2 protocol. Installing the security update in some cases may result in a failure to establish a connection in order to prevent an attacker to perform man-in-the-middle attacks and recover plaintext from encrypted sessions.

↑ Back to the top

Workaround


As recommended in Security Advisory 2960358, customers should test this update for disabling RC4 before implementation in their environments. Although most applications will not be affected by this change, if an Internet Explorer-hosted managed application no longer works correctly, consider the following options:

  • Move away from No-Touch and use ClickOnce where applicable.
  • Disable RC4 on the computer. For more information about how to do this, click the following article number to view the article in the Microsoft Knowledge Base:
    245030 How to restrict the use of certain cryptographic algorithms and protocols in Schannel.dll

    The registry key setting can be found here:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 <suite>

    "Enabled"=dword:0

↑ Back to the top

Affected products

The information in this article applies to:


  • Microsoft .NET Framework 2.0 SP2
  • Microsoft .NET Framework 3.5 
  • Microsoft .NET Framework 3.5.1
  • Microsoft .NET Framework 4
  • Microsoft .NET Framework 4.5
  • Microsoft .NET Framework 4.5.1
  • Microsoft .NET Framework 4.5.2

↑ Back to the top

Keywords: kb

↑ Back to the top

Article Info
Article ID : 2978675
Revision : 3
Created on : 6/4/2018
Published on : 6/4/2018
Exists online : False
Views : 64