AnsweredAssumed Answered

SSL/TLS use of weak RC4 cipher

Question asked by Nawaz Khan on Jan 8, 2014
Latest reply on Jan 14, 2014 by Robert Dell'Immagine

Dear All,

 

Please see the below mentioned Microsoft link

 

http://support.microsoft.com/kb/2868725

 

We have followed that and updated the system with all the updates. the necessary updates mentioned in the above url have been applied.

 

however, the only thing that is left are the below mentioned registry entries:

 

  • [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 128/128]
    "Enabled"=dword:00000000
  • [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 40/128]
    "Enabled"=dword:00000000
  • [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 56/128]
    "Enabled"=dword:00000000

 

I would like to know if there WILL BE ANY IMPACT ON THE SYSTEM DUE TO THESE ENTRIES AS THE SYSTEM IS IN PRODUCTION AND WE CANT AFFORD TO TAKE RISK OF ANY CRASH ETC....

 

Please mention if above registry entries will close this vulnerability. Also see the attached screenshot of Qualys Vulnerability identified. In the report, the vulnerability is associted with REMOTE DESKTOP PORT 3389. Making this registry entry will address this issue or not??

 

Awaiting response.

 

Thanks

Outcomes