Informational: Microsoft KB2163017 & KB3163018

[io]

Microsoft released a cumulative update this week to address a number of security-related issues in Windows 10. Unfortunately, this update appears to sever MiCollab Client's ability to communicate with its servers. After login, the client reports "Disconnected from server" and repeatedly attempts to re-connect. I noted this issue today after updating a PC running MiCollab 6.0.510. Uninstalling the referenced Windows Update resolved the issue.

[ralph]

Thanks for letting us know that.
It could save a lot of frustration knowing that MS broke stuff again.

Ralph

[irongladiator]

Hello Fellow Mitel Techs,
I also wanted to add that we have a customer that has MiCollab with Voice 6.0.206.0 and using MiCollab Client 6.0.509.0. When used on a Windows 10 Machine with MS Update KB3163018 they reported that they were no longer able to keep a connection (See Pic Below).



They also reported that once the Microsoft update was removed they were once again able to maintain a connection and have the MiCollab Client operate as normal.

I opened up a ticket with Mitel on it and their official response was that in order to support Windows 10 that they would need to upgrade to MiCollab 7.1.

Just wanted to share with y'all.

Thanks,
-Iron

[io]

Hello Fellow Mitel Techs,
I also wanted to add that we have a customer that has MiCollab with Voice 6.0.206.0 and using MiCollab Client 6.0.509.0. When used on a Windows 10 Machine with MS Update KB3163018 they reported that they were no longer able to keep a connection (See Pic Below).


They also reported that once the Microsoft update was removed they were once again able to maintain a connection and have the MiCollab Client operate as normal.

I opened up a ticket with Mitel on it and their official response was that in order to support Windows 10 that they would need to upgrade to MiCollab 7.1.

Just wanted to share with y'all.

Thanks,
-Iron

Good catch - I noticed the same issue from KB3163018. Is there a way I can edit the title of this topic so that both updates are referenced?

[irongladiator]

Good catch - I noticed the same issue from KB3163018. Is there a way I can edit the title of this topic so that both updates are referenced?

io,
This topic has been modified at your request. 

Thanks,
-Iron

[io]

Many thanks!

[sebiluke]

Workaround...add this registry key :

It's working great for me..

 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\KeyExchangeAlgorithms\Diffie-Hellman]
 "ClientMinKeyBitLength"=dword:00000200

[io]

Workaround...add this registry key :

It's working great for me..

 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\KeyExchangeAlgorithms\Diffie-Hellman]
 "ClientMinKeyBitLength"=dword:00000200

Nice catch. What is your understanding on how this works?

[sebiluke]

Check this old post on microsoft : https://support.microsoft.com/en-us/kb/3061518

it's seem the minimum allowed DHE key length on client computers is changed to 1,024 bits by default, instead of the previous minimum allowed key length of 512 bits...beacause 512bits are less secure...and probably UCA use 512bits keys...

[io]

Good to know - thanks.

[Microfiche]

I had to create the Diffie-Hellman key and then add the D-WORD values, but worked well on a Win 7 Pro machine without uninstalling the Windows update(s)

[Sucamarto]

Workaround...add this registry key :

It's working great for me..

 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\KeyExchangeAlgorithms\Diffie-Hellman]
 "ClientMinKeyBitLength"=dword:00000200

Sorry and i may be mistaken but doesn't this workaround expose a security hole in Windows as per the following Windows Security fix?

MS15-055: Vulnerability in Schannel could allow information disclosure: May 12, 2015
https://support.microsoft.com/en-us/kb/3061518

[VinceWhirlwind]

Yes, if you browse to the internet, and if somebody (through hijacked DNS or hijacked physical infrastructure) is on the path of your communication, they could use a Logjam attack to break your keys and read your traffic.
 
In other words, some internet users if they web-browse to the wrong place, might not be benefiting from the encryption they think they have.
 
So tell all your users to stop browsing the internet and get back to work.

[io]

Sorry and i may be mistaken but doesn't this workaround expose a security hole in Windows as per the following Windows Security fix?

MS15-055: Vulnerability in Schannel could allow information disclosure: May 12, 2015
https://support.microsoft.com/en-us/kb/3061518

My take on this situation is that any workaround for this issue is going to involve creating a vulnerability. Microsoft is addressing a security flaw that older versions of the UCA do not support. The only real fix is to upgrade your systems and applications.