{"id":1248,"date":"2016-08-12T00:57:00","date_gmt":"2016-08-11T22:57:00","guid":{"rendered":"http:\/\/borncity.com\/win\/?p=1248"},"modified":"2024-10-01T15:06:00","modified_gmt":"2024-10-01T13:06:00","slug":"ie-11-security-updates-junejuly-2016-are-causing-issues","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2016\/08\/12\/ie-11-security-updates-junejuly-2016-are-causing-issues\/","title":{"rendered":"IE 11 security updates June\/July 2016 are causing issues"},"content":{"rendered":"<p><img decoding=\"async\" style=\"float: left; margin: 0px 10px 0px 0px; display: inline\" src=\"http:\/\/www.borncity.com\/blog\/wp-content\/uploads\/2015\/11\/IE.jpg\" align=\"left\">[<a href=\"http:\/\/www.borncity.com\/blog\/2016\/08\/09\/rger-mit-kumulativen-ie-11-updates-junijuli-2016-darstellunglogin-etc\/\" target=\"_blank\" rel=\"noopener\">German<\/a>]Microsoft has issued some security updates in June and July 2016 for Internet Explorer 11. Blog reader Axel H. has observed serious issues within his intranet with Sharepoint. Some Web sites are rendered wrong and it seems that other admins are facing also trouble. <\/p>\n<p><!--more--><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" alt=\"\" src=\"https:\/\/ssl-vg03.met.vgwort.de\/na\/f2060ac62a474fc18edc4fd98f8db3f7\" width=\"1\" height=\"1\">Currently I can only cumulate what I've found. Some SAP users are reporting login issues after installing IE 11 security updates. Others are facing trouble with rendering some web pages in IE 11 enterprise mode. At August 3, 2016 Axel send me an e-mail summarizing his observations. Here is an excerpt. <\/p>\n<blockquote>\n<p>after installing cumulative IE 11 updates June\/July 2016, some web pages in Intranet can't be opened, and on some SharePoint pages the context has been rendered in \"shifted mode\".  <\/p>\n<p>MS16-063 (June) and\/or MS16-084 on W7 clients&nbsp; and the corresponding Cumulative updates for Windows 10 has been installed. IE version is either 11.0.32 (June) or 11.0.33 (July). Version 11.0.31 doesn't make trouble. After uninstalling the last IE security updates, everything seems fine again. There has been only two websites, addressing similar issues:  <\/p>\n<p><a href=\"https:\/\/community.spiceworks.com\/topic\/1722111-windows-update-kb3170106-messes-up-sharepoint\" target=\"_blank\" rel=\"noopener\">Windows update KB3170106 messes up sharepoint<\/a><br \/><a href=\"https:\/\/blogs.windows.com\/msedgedev\/2016\/04\/29\/sha1-deprecation-roadmap\/\" target=\"_blank\" rel=\"noopener\">An update to our SHA-1 deprecation roadmap<\/a><\/p>\n<\/blockquote>\n<p>Later on Axel send me further details. He found some comments in SAP user forums, where login has changed for SAP software. Here are the links.  <\/p>\n<blockquote>\n<p><a href=\"https:\/\/cyberstrong.com\/\" target=\"_blank\" rel=\"noopener\">update KB3170106 which changed the way ASP objects are handled<\/a><br \/><a href=\"https:\/\/scn.sap.com\/thread\/3919571\">windows 10 update 15 Jun 2016<\/a><br \/><a href=\"http:\/\/stackoverflow.com\/questions\/38205967\/could-not-establish-secure-channel-for-ssl-tls-with-authority-after-communicatio\/38239536#38239536\" target=\"_blank\" rel=\"noopener\">Could not establish secure channel for SSL\/TLS with authority<\/a><br \/>June 2016 Update KB3163018 \u2013 TLS 1.0 support removed\/blocked?<\/p>\n<\/blockquote>\n<p>This posts confirms, that IE 11 updates like KB31616086 and KB3161608 are causing issues, because server certificates are exchanged. Some admins are reporting SSL errors that will be gone after uninstalling the updates.  <\/p>\n<h3>SAP login issues<\/h3>\n<p>Axel has send me the link <a href=\"http:\/\/scn.sap.com\/thread\/3922951\">Server's Security Certificate Windows 7<\/a> addressing SAP software. He has added a SAP document dealing with this issue. Below is a screenshot of the PDF document (the content is only a graphic).  <\/p>\n<p><a href=\"https:\/\/web.archive.org\/web\/20190203154732\/http:\/\/n88.imgup.net\/SAP-IE0dcb.jpg\"><img decoding=\"async\" title=\"SAP Problembericht\" alt=\"SAP Problembericht\" src=\"https:\/\/web.archive.org\/web\/20190203154732\/http:\/\/n88.imgup.net\/SAP-IE0dcb.jpg\"><\/a>  <\/p>\n<p>The site <a href=\"https:\/\/scn.sap.com\/docs\/DOC-73794\" target=\"_blank\" rel=\"noopener\">SAP B1 \u2013 There is a problem with the server's security certificate \u2013 Windows 10<\/a> deals with the same issue and recommends to uninstall KB3163017\/KB3163018. SAP recommends to switch to the newest Business One clients.  <\/p>\n<h3>First workaround<\/h3>\n<p>Because we are dealing with security updates for IE 11, uninstalling these patches isn't the best choice. Axel found some hints. He wrote:  <\/p>\n<blockquote>\n<p>The SharePoint issues could be tracked down to the Enterprise Mode site list. But HP Service Manager won't work anymore in W10 Patch. The assumption was that it's a TLS 1.0+SHA-1 handshake error.<\/p>\n<\/blockquote>\n<p>One of his colleagues found more details. <a href=\"https:\/\/support.microsoft.com\/en-us\/kb\/3161639\" target=\"_blank\" rel=\"noopener\">KB3161639<\/a> adds two Cipher suites, and those entries change the order of certificates. Deleting: <\/p>\n<blockquote>\n<p>TLS_DHE_RSA_WITH_AES_256_CBC_SHA<br \/>TLS_DHE_RSA_WITH_AES_128_CBC_SHA<\/p>\n<\/blockquote>\n<p>in HKLM\\SYSTEM\\CurrentControlSet\\Control\\Cryptography\\<br \/>Configuration\\Local\\SSL\\00010002 enables access to Web pages in Windows 10 clients. At August 10, 2016 Axel added: <\/p>\n<blockquote>\n<p>According to <a href=\"https:\/\/technet.microsoft.com\/library\/security\/3042058.aspx\" target=\"_blank\" rel=\"noopener\">https:\/\/technet.microsoft.com\/library\/security\/3042058.aspx<\/a> Microsoft has changed the priority of entries in Cipher suites. Changing the position of entries within the list changes also its priorities. Under Windows 10 they moved entry <\/p>\n<p>TLS_RSA_WITH_AES_128_CBC_SHA<\/p>\n<\/blockquote>\n<blockquote>\n<p>in above the new entries  <\/p>\n<p>TLS_DHE_RSA_WITH_AES_256_CBC_SHA<br \/>TLS_DHE_RSA_WITH_AES_128_CBC_SHA  <\/p>\n<p>and HP ServiceManager was useable again.  <\/p>\n<p>The liste of \u201eCipher Suites\" on this <a href=\"https:\/\/support.microsoft.com\/en-us\/kb\/3161639\" target=\"_blank\" rel=\"noopener\">Microsoft page<\/a> looks a bit different from our list. We fear that new patches will change the priorities and list order again. Therefore we are searching for different solutions. <\/p>\n<\/blockquote>\n<p>Axel has added the following links to pages covering the topic:<\/p>\n<p><a href=\"https:\/\/msdn.microsoft.com\/en-us\/library\/windows\/desktop\/aa374757(v=vs.85).aspx\" target=\"_blank\" rel=\"noopener\">https:\/\/msdn.microsoft.com\/en-us\/library\/windows\/desktop\/aa374757(v=vs.85).aspx<\/a><br \/><a href=\"https:\/\/msdn.microsoft.com\/library\/windows\/desktop\/mt767769.aspx\" target=\"_blank\" rel=\"noopener\">https:\/\/msdn.microsoft.com\/library\/windows\/desktop\/mt767769.aspx<\/a><br \/><a href=\"https:\/\/blogs.technet.microsoft.com\/windowsitpro\/2016\/05\/17\/simplifying-updates-for-windows-7-and-8-1\/\" target=\"_blank\" rel=\"noopener\">https:\/\/blogs.technet.microsoft.com\/windowsitpro\/2016\/05\/17\/simplifying-updates-for-windows-7-and-8-1\/<\/a><\/p>\n<p>If someone has further thoughs\/insides or hints, feel free to crop a comment.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>[German]Microsoft has issued some security updates in June and July 2016 for Internet Explorer 11. Blog reader Axel H. has observed serious issues within his intranet with Sharepoint. Some Web sites are rendered wrong and it seems that other admins &hellip; <a href=\"https:\/\/borncity.com\/win\/2016\/08\/12\/ie-11-security-updates-junejuly-2016-are-causing-issues\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[22],"tags":[44,166,100,194],"class_list":["post-1248","post","type-post","status-publish","format-standard","hentry","category-update","tag-ie-11","tag-issues","tag-updates","tag-windows"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/1248","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=1248"}],"version-history":[{"count":1,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/1248\/revisions"}],"predecessor-version":[{"id":35088,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/1248\/revisions\/35088"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=1248"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=1248"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=1248"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}