KB3161608 & KB3161606 replaced by KB3172605 & KB3172614

KB3172605 (Windows 7 and Windows Server 2008 R2 Sp1) and KB3172614 (Windows 8.1 and Windows Server 2012 R2) are July 2016 update rollups, and are replacing the update rollups from June 2016 (KB3161608 and KB3161606). July 2016 update rollups are fixing the issues that were caused by the June 2016 update rollups (for example: Hyper V and Integration Services issues).
All other updates introduced in June 2016 update rollups are present also into July 2016 update rollups.
So, introduction of new cipher suites to Internet Explorer and Microsoft Egde in Windows introduced in June 2016 update rollups, might break access to some old https enable sites.
This issue can be resolved by uninstalling these update rollups, or in my case adding the following registry key on affected machines (lowering the DHE key length on clients to 512bits, instead using the default 1024bits):

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\KeyExchangeAlgorithms\Diffie-Hellman]
"ClientMinKeyBitLength"=dword:00000200

After adding the registry key (restart is not necessary), https "oldies" started to open with Internet Explorer.

Happy Patching :)

6 comments:

  1. Thanks a million for this post. The registry key worked like a charm!

    ReplyDelete
  2. Muchas Gracias!!! Funcionó correctamente.

    ReplyDelete
  3. Thank you ! This resolved the issue for us

    ReplyDelete
  4. Exercise and hydrate a lot, use other remedies to help with the detoxification. However, you won’t have that kind of time on your hands most of the time. As such, the best method then becomes the one that works best in the amount of time you have. If the amount of time you have is more than a week, detox kits or pills will be your best bet. If it’s even less than that, These drinks are the way to go. Drug residues can commonly be found in a person's hair for up to three months Visit: https://www.urineworld.com/

    ReplyDelete
  5. That's right on.
    This issue can be resolved by disabling the DH key exchange algorithm using registers. I hope that the information provided will be instrumental in addressing this critical issue at hand. Best of Luck!
    boat rental abu dhabi

    ReplyDelete
  6. This concern can be addressed by disabling legacy protocols in the system settings. I trust that this insight will surely assist you in managing this important issue. Best Regards! Cisco distributors in dubai

    ReplyDelete

How to check EMBG (Unique Master Citizen Number) using regex

In this post, I will share my implementation of how to check if some number looks like EMBG or Unique Master Citizen Number. For those of yo...