Microsoft KB Archive/148427

= Generic SSL (PCT/TLS) Updates for IIS and Microsoft Internet Products =

Article ID: 148427

Article Last Modified on 11/1/2006

-

APPLIES TO


 * Microsoft Windows NT 4.0 Service Pack 3
 * Microsoft Windows NT Server 4.0 Enterprise Edition
 * Microsoft Internet Information Server 3.0
 * Microsoft Internet Information Server 4.0
 * Microsoft Site Server 3.0 Commerce Edition
 * Microsoft Site Server 2.0 Enterprise Edition

-



This article was previously published under Q148427



SUMMARY
On July 17, 1998 Microsoft released an updated version of Schannel.dll. This latest version provides the following benefits:  Resolves the vulnerability in SSL (Secure Sockets Layer) discovered by Daniel Bleichenbacher of Bell Labs. Banks outside the U.S. and Canada can now use extremely strong 128-bit encryption. Eliminates the need for separate SGC and non-SGC versions of Schannel.dll. Corrects the "Bad Password" error message Includes an updated version of Sgcinst.exe that corrects the problem where SGCINST appears to execute but SGC does not work. For more information, please see the following article in the Microsoft Knowledge Base:

180018 SGCINST.EXE Appears to Execute but SGC Does Not Work





MORE INFORMATION
Schannel.dll is available at the following Internet location:

ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/NT40/hotfixes-postSP3/ssl-fix/

The updated version of Schannel.dll is available in Windows NT version 4.0 Service Pack 4 and later. For additional information, please see the following article in the Microsoft Knowledge Base:

152734 How to Obtain the Latest Windows NT 4.0 Service Pack

Additional query words: sp3 iis international banking win95 ie internet explorer 3.02 4.01 "adaptive chosen cyphertext" cryptoanalysis SSL2 PCT1 SSL3 TLS1 "Error Message Vulnerability"

Keywords: kbinfo KB148427

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.