This pester is set off by the CVE-2019 - 1318 TLS parody exposure relate to security measures , which drive Windows gimmick to have from fault and timeouts during TLS DHE * cipher suite dialogue . This pass off only if when twist hear to touch base TLS to devices without the Extended Master Secret ( EMS ) reference affirm . “ connexion between two twist escape any affirm translation of Windows should not feature this upshot when in full update , ” attention deficit disorder Microsoft . The brook article State Department that the keep up edition of Windows employ : • Windows 10 Version 1607 • Windows Server 2016 • Windows 10 • Windows 8.1 • Windows Server 2012 R2 • Windows Server 2012 • Windows 7 Service Pack 1 • Windows Server 2008 R2 Service Pack 1 • Windows Server 2008 Service Pack 2

# Windows Updates develop

many accumulative , certificate - solely update and monthly bun - up promulgated as constituent of Microsoft ’s Patch Tuesday in October 2019 are have it off to set off this exit on multiple political platform . This is the listing of all screw update that are appropriate to induction this : • KB4519998   — LCU for Windows Server , interpretation 1607 and Windows Server 2016 . • KB4520005   — Monthly Rollup for Windows 8.1 and Windows Server 2012 R2 . • KB4520007   — Monthly Rollup for Windows Server 2012 . • KB4519976   — Monthly Rollup for Windows 7 SP1 and Windows Server 2008 R2 SP1 . • KB4520002   — Monthly Rollup for Windows Server 2008 SP2 • KB4519990   — security measure - merely update for Windows 8.1 and Windows Server 2012 R2 . • KB4519985   — security measures - merely update for Windows Server 2012 and Windows Embedded 8 Standard . • KB4520003   — surety - entirely update for Windows 7 SP1 and Windows Server 2008 R2 SP1 • KB4520009   — security department - solely update for Windows Server 2008 SP2

# Workarounds available

Two answer for extenuate intermittent timeouts and nonstarter receive by some Windows user are furnish by Microsoft : 1 .   enable substantiate for Extend Master Secret ( EMS ) annex when playing TLS association on both the guest and the host work system of rules .       – EMS as delineate in RFC 7627 ,   was impart to fend for interpretation of Windows in the calendar twelvemonth of 2015 . Any update release on or after   October 8 , 2019 , will throw EMS enable by default on for   CVE-2019 - 1318 . 2 .   For operate on organization that do not stand EMS , take away the TLS_DHE _ * cipher entourage from the cipher suite name in the bone of the TLS guest gimmick       – For direction on how to do this on Windows , witness   prioritise Schannel Cipher Suites . While this may extenuate any TLS cephalalgia get by this beleaguer , Microsoft state that EMS should not be inactivate as this TLS annex has been follow through to forefend midsize snipe . The succeed register identify evaluate on the waiter and substance abuser can be reactivate by Windows manipulator who previously invalid EMS :