Poodle

Microsoft Releases Program to Fix POODLE Flaw

November 4, 2014 | By Editor 

Summary

Internet Explorer (IE) on Windows client systems, by default, supports SSL 3.0, the version that has been recently found unsafe to attacks. Now ,there is a another way to disable the support for SSL 3.0.

Microsoft Fix Poodle

Microsoft Release Patch for POODLE

Microsoft has released a program called ‘Fix It’ to disable the SSL 3.0 feature that was the subject of the recent menacing POODLE exploit. The Fix It is a program that enforces changes in the registry, making the process easier than the alternatives.POODLE (Padding Oracle On Download Legacy Encryption) is the name given to a security flaw in SSL 3.0 that was discovered earlier in October 2014 by a Google researcher.

Secure Socket Layer (SSL) was replaced by the advanced Transport layer Security (TLS), current TLS version is 1.2, but systems may fall back to SSL if the server doesn’t support the newer ones.Since the POODLE is a design flaw that found in SSL/TLS, there is no patch to fix the exploit. Instead, Web browser companies are disabling support for SSL 3.0, a security protocol that is old and outdated anyway.

The number of server systems that require SSL version 3.0 is said to be small in number but people using those servers will have issues connecting as client systems. They will begin to have their support for SSL 3.0 removed.Disabling the support for SSL version 3.0 for Internet Explorer was not all that difficult without the Fix It program. Users can go to the ‘Tools’ menu, select ‘Internet Options’ dialog box, then click the ‘Advanced’ tab, and uncheck “Use SSL 2.0” and “Use SSL 3.0” options found at the bottom of the dialog box.

You can also disable SSL 3.0 support by turning off encryption support found in the advanced page of the Internet control panel in Internet Explorer. This is a group policy setting available for managed environments.Tech giant Google has announced it will remove support for SSL 3.0 from all its client products In the next few months. The next Firefox version, to be released on November 25, will disable SSL version 3.0 completely.

In the meantime, Mozilla has released an SSL Version Control extension called SSL Version Control 0.2 to let users disable the feature.

EV SSL

<< The Most Common Social Media Scams One Needs to be Aware ofMicrosoft Releases Program to Fix POODLE Flaw >>

Posted in Poodle

Be Sociable, Share!

Leave a Comment


 


* fields are mandatory