Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: Microsoft February Patch Failures Continue: KB3023607 vs. Cisco AnyConnect Client SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms: https://isctv.sans.edu

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Microsoft February Patch Failures Continue: KB3023607 vs. Cisco AnyConnect Client

Another patch released by Microsoft this month is causing problems. This time it is KB3023607,which was supposed to mitigate the POODLE vulnerability. Once applied, Cisco AnyConnect users are no longer able to connect to their VPN.

For more details, also see the Cisco bug report https://tools.cisco.com/bugsearch/bug/CSCus89729 (requires login).

The issue appears to affect Windows 8.1, in which case running the application (vpnui.exe) in Windows 8 compatibility mode will fix the problem for now.

 

---
Johannes B. Ullrich, Ph.D.
STI|Twitter|LinkedIn

I will be teaching next: Defending Web Applications Security Essentials - SANS San Francisco Spring 2020

Johannes

3693 Posts
ISC Handler
Running vpnagent.exe in Windows 8 compatibility mode in addition to vpnui.exe was also necessary as a workaround. I wonder if anyone has tested the bad KB3023607 against other applications that could be impacted, such as Alt-N's MDaemon email server, for proper TLS negotiation?
-rogerc
Anonymous

Sign Up for Free or Log In to start participating in the conversation!