
Security updates for Vista after end of support - Windows Server 2008 patches


49 replies to this topic

#46 KYKaren


Posted 21 August 2017 - 09:58 PM

 

My Vista x86 has the August WS2008 IE9 patch KB4034733 installed.  In the IE9 browser, the dialogue box for Tools | Internet Options | Advanced > Security also has only 'Use TLS 1.0' listed and the box is checked (i.e., no listing for TLS 1.1 or TLS 1.2).  It also has the box for 'Use SSL 3.0' checked. I am thinking that I should uncheck this box, because otherwise, TLS 1.0 can downgrade to SSL 3.0 and thus, weaken security, were I to use the IE9 browser.  Any ideas about this?

 

Hi KYKaren:

 

Yes, I would recommend disabling SSL 3.0 support in your IE9 browser.  I did this back in 2014 when the POODLE exploit was first reported - see Martin Brinkmann's October 2014 ghacks.net article SSL 3.0 Vulnerability Discovered. Find Out How to Protect Yourself.  Both Mozilla and Google automatically disabled SSL 3.0 support in their browsers in January 2015 (FF v35, Chrome v40), and when it was later discovered that TLS 1.0 was also vulnerable to the POODLE exploit I went ahead and turned off TLS 1.0 in my Firefox settings as instructed in the SSL.com article Turn Off SSL 3.0 and TLS 1.0 in Your Browser.  Unfortunately, you can't disable TLS 1.0 in IE9 since you need at least one supported protocol to make a secure connection.

 

I switched from IE9 to Firefox back in 2011 because of this lack of TLS 1.1 and 1.2 support in IE9.  Firefox ESR is now the only secure browser for use on Vista SP2 computers since Google stopped supporting the Win XP and Vista platforms in April 2016 per their announcement <here>.

 

BTW, I read on Wikipedia (about Transport Layer Security) that Firefox enabled TLS 1.3 by default in Feb, 2017.  But, given your browser test, this must not include Firefox ESR??

 

According to Martin Brinkmann's June 2017 ghacks.net article How to Enable TLS 1.3 Support in Firefox and Chrome "Both Firefox and Chrome support TLS 1.3, but the version of Transport Layer Security is not enabled by default. The main reason for that, likely, is that it is still only available as a draft."  TLS 1.2 is still the recommended protocol until TLS 1.3 comes out of beta.  I posted further information about IE9 and TLS 1.3 in the Norton Tech Outpost board <here>.

-----------
32-bit Vista Home Premium SP2 * Firefox ESR v52.3.0 * NS Premium v22.10.0.85 * MB Premium v3.1.2

 

A super thanks for all of your tips here and that ssllabs.com url for testing browsers in a previous post. 




 


#47 -Ruan


Posted 23 August 2017 - 08:02 PM

Hi Folks,

RE: TLS 1.1 and 1.2 support in IE9 - There's an excellent tutorial created by VistaLover over at MSFN which should help you out.

Enabling TLS 1.1/1.2 support in Vista's Internet Explorer 9
 

 

@ Sardoc: Many thanks for creating this thread, and for the time and effort you've put into it.



#48 lmacri


Posted 23 August 2017 - 08:42 PM

...Microsoft has some information in their blog at TLS 1.2 Support added to Windows Server 2008 and the registry changes required to enable TLS 1.2 support on Windows Server 2008 web servers are posted in the KB article for KB4019276, but I don't think this is going to have a direct effect on Vista SP2 home users...

RE: TLS 1.1 and 1.2 support in IE9 - There's an excellent tutorial created by VistaLover over at MSFN which should help you out.

Enabling TLS 1.1/1.2 support in Vista's Internet Explorer 9

 

Hi -Ruan:

 

Thanks for posting the link to VistaLover's post in the MSFN.org forum.  The registry edits in those instructions are different from the registry edits posted in the KB article for KB4019276 so kudos to VistaLover for figuring out the required registry edits for enabling TLS 1.1 and 1.2 in IE9.

-----------
32-bit Vista Home Premium SP2 * Firefox ESR v52.3.0 * NS Premium v22.10.0.85 * MB Premium v3.1.2
 


Edited by lmacri, 23 August 2017 - 08:42 PM.


#49 joezapp


Posted 23 August 2017 - 09:32 PM

 

What is the KB file for the Cumulative Security Update for IE9?  Can't see the number. 

 

I've cross-checked with the Security Guidance Summary.  There is one missing from your list: 

KB4025872   Security Update for the PowerShell remote code execution vulnerability in Windows Server 2008. 

 

Maybe, it doesn't apply to your machine.

 

Any .NET Framework updates?  I see one each in the Security Guidance Summary for 4.6,  4.6.1,  4.6.2/4.7, and 4.7, but none for 2.0 or 4.5.x

 

Thanks.

 

The KB number for the IE update is KB4025252. Only after taking the screenshot I realized that that number was not included, but you can see it on the right hand side in the title of the patch.

 

I just checked and PowerShell is installed on both my Server 2008 VMs, but they do not come up with any update. I read on a neighbouring thread on msfn.org that poster bbq was unable to install the PowerShell update on Vista. I do think that is related to it not showing up in my VMs, but I don't know how.

 

There were no .NET updates. I have installed .NET 3.5 SP1 and 4.6.1 in the VMs; if there were any updates they should have appeared. .NET 2.0 and 3.0 are already included in Server 2008/Vista. I think updates for version 2.0 should appear automatically too. Version 3.0 is superseded by version 3.5 SP1.

 

Thanks for posting this, pimjoosten. I do need Silverlight on my Vista machine, as I have a program that requires it. I suppose that effectively nullifies the idea of possibly going with the Windows Server 2008 updates.

 

Please note that I was recently prompted to update Silverlight, which I did, and it shows in my list of installed updates. So apparently Silverlight updates aren't going away for Vista users.  

 

Especially for you, I have installed Silverlight in my VMs (it is apparently possible). Windows Update then came up with only one update from June: KB4023307, so Silverlight is still maintained on Server 2008. Is that the one you got? On my Vista machines (x86 and x64) I did not get this one (I uninstalled Silverlight in July), therefore I think there will be no Silverlight updates on Vista. I still do get Office 2007 patches though, so updates for supported programs are still provided.

 

 

Sorry for the delay in responding. In my list of installed updates on my Vista machine is Microsoft Silverlight 5.1.50907.0 installed on 6/22/17.



#50 Sardoc

  • Topic Starter


Posted 06 September 2017 - 10:13 PM

Just to let everyone know, I'll post the September updates list some time after next week, as I'm leaving for holidays. Will also let you know about enabling TLS in IE9.

 

Until then, enjoy!





