Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » >>> IMPORTANT: Jan 2012 Microsoft patch KB2585542 breaks Kerio Outlook Connector SSL (Read the topic for workaround.)
  •  
Erkel

Messages: 8
Karma: 1
Send a private message to this user
Hi,

We are finding that the install of MS patch KB2585542 which was recently released is causing KOC to loose the connection to the server. It is an SSL patch. Once uninstalled normal operation resumes.

support.microsoft.com/kb/2585542
technet.microsoft.com/en-us/security/bulletin/ms12-006

Executive Summary
This security update resolves a publicly disclosed vulnerability in SSL 3.0 and TLS 1.0. This vulnerability affects the protocol itself and is not specific to the Windows operating system. The vulnerability could allow information disclosure if an attacker intercepts encrypted web traffic served from an affected system. TLS 1.1, TLS 1.2, and all cipher suites that do not use CBC mode are not affected.

I have already notified Kerio support, please let me know when a patch for KOC is available.

Cheers

[Updated on: Wed, 14 November 2012 14:53] by Moderator

  •  
trifecta

Messages: 87
Karma: -2
Send a private message to this user
Confirmed!


  • Attachment: Snap39.jpg
    (Size: 59.50KB, Downloaded 1006 times)
  •  
Kerio_ppolak

Messages: 19
Karma: 2
Send a private message to this user
Confirmed,
we are looking into the issue. As soon as we have more details, it will be posted here.
Current "workarounds" are:
- uninstall the KB, or
- disable "Use data compression" in Outlook account setting, or
- turn off SSL in Outlook account setting (requires Outlook restart)

Regards,

[Updated on: Wed, 11 January 2012 10:07] by Moderator


Pavel Polak
Technical Operations Director | Kerio
Stay Connected Anytime, Anywhere. Discover Kerio Cloud!
  •  
luca67

Messages: 8
Karma: -2
Send a private message to this user
WE HAVE A LOT OF CLIENTS WITH THIS PROBLEMS....
PLEASE SOLVE THE PROBLEM !!!!!!!!!!!!!!!
  •  
stupot1397

Messages: 54
Karma: 0
Send a private message to this user
Same problem here. We are using WSUS where critical updates are applied automatically, luckily by seeing this only 3 machines have installed the patch and now I have blocked the installation.

My machine was one of them! Luckily Windows 7 and Vista allows automatic removal. Those on XP are not so lucky.

Stuart
  •  
Lisa Lyons (Kerio)

Messages: 175
Karma: 8
Send a private message to this user
Hi, All

Thanks for keeping this post going. We have work arounds for those of you who are unable to get the KB uninstalled, and have created a knowledgebase article that can be referred to.

http://kb.kerio.com/article.php?id=791

Our developers are working on this and we will update you when there is further information.

Kerio Technical Support
Log Support Incidents here: http://www.kerio.com/support
Also, please use our KB: http://kb.kerio.com
  •  
Pelikan

Messages: 8
Karma: 0
Send a private message to this user
same here. stopped the installation via WSUS after searching for the right update, that caused the problem on XP and Win7 x64 and x86.

[Updated on: Wed, 11 January 2012 15:02]

  •  
Vic27

Messages: 5
Karma: 0
Send a private message to this user
We have this spread to WinXP, Win7 x86 & x64. So far removal fixes the issue, I have seen in two instances (both machines were win7 x64 running outlook 2007) users were also not able to receive mail. Declining update in WSUS will stop the update from being pushed out to others but anyone who installed the update and restarted their computer will be affected.
  •  
stupot1397

Messages: 54
Karma: 0
Send a private message to this user
You can also uninstall automatically if you are using WSUS, providing the client is using Windows Vista or Windows 7

Unfortunately XP clients are left with a manual uninstall, which could be a rather large problem depending on the number of users.
  •  
soghez

Messages: 2
Karma: 0
Send a private message to this user
stupot1397 wrote on Wed, 11 January 2012 11:44
Same problem here. We are using WSUS where critical updates are applied automatically, luckily by seeing this only 3 machines have installed the patch and now I have blocked the installation.

My machine was one of them! Luckily Windows 7 and Vista allows automatic removal. Those on XP are not so lucky.

Stuart

WSUS:
We declined the kb2585542 for WinXp version and approved for removal for Win7 version

WinXP remove:
we remove manually the patch on winxp machine with the spunist command.

c:\WINDOWS\$NtUninstallKB2585542$\spuninst\spuninst.exe /passive /promptrestart

After restarting Windows Outlook works fine.
  •  
Erkel

Messages: 8
Karma: 1
Send a private message to this user
If as per the kerio KB disabling data compression works around the issue, can kerio please release a patched version of KOC as a temporary measure until a proper fix is implemented, as a KOC update can be deployed more easily and without dealing with users, than the work around or uninstallation of the MS update.
  •  
Pavel Dobry (Kerio)

Messages: 5245
Karma: 251
Send a private message to this user
Recent Microsoft Windows update KB2585542 (released on Tuesday, January 10, 2012, link ) changes the winhttp.dll system library which is used by Kerio Outlook Connector (Offline Edition). The update changes the data flow in a network communication over TLS (SSL) secured connection used in HTTPS communication of Kerio Outlook Connector with Kerio Connect server. This change is not compatible with Kerio Connect server.

Q: How do I know I'm affected? What are the symptoms?
A: Users may experience various symptoms, depending on Microsoft Outlook version they use. These symptoms include:
• Microsoft Outlook shows an error while sending an email (error 0x800CCC12 Cannot connect to network):
./fa/2425/0/
• Kerio Outlook Connector is in offline mode after start of Microsoft Outlook:
./fa/2422/0/
• Kerio Outlook Connector reports that user authentication fails after opening Microsoft Outlook:
./fa/2428/0/
• It is not possible to configure new Kerio Outlook Connector account in Microsoft Outlook (error 0x80042004 Unknown error):
./fa/2424/0/

• Microsoft Outlook fails to start with error "0x8004010f MAPI_E_NOT_FOUND":
./fa/2427/0/

Q: How do I check if the update is installed?
A: To verify that open Control Panel, select Programs and then select Programs and Features and choose "Installed updates" option and look for "KB2585542" in Microsoft Windows section.
./fa/2423/0/

Q: How do I fix it?
A: Install Kerio Connect 7.3.1 patch 2 and update all Kerio Outlook Connectors to this version. Kerio Outlook Connector will be updated automatically from Kerio Connect server. The patch will be available for download from Kerio website on January 12, 2012. In emergency case contact our technical support for pre-release link.

Q: I cannot update the server. What else can I do?
A: There are two possible workarounds for customers who don't or can't update to Kerio Connect 7.3.1 patch 2:
• Open the Kerio Outlook Connector account configuration and disable "Use data compression" option in the account settings.
To do so, open Control Panel, select Users accounts and then select Mail option. Click on the E-mail Accounts button and edit the account settings and uncheck „Use data compression" option in Server Details tab. Then click on OK and start Microsoft Outlook:
./fa/2426/0/

• Uninstall KB2585542 from client computer. To do so, locate the "KB2585542" update in Control Panel/Programs and Features/Installed updates windows and select „Uninstall" option. This requires computer restart.
The update can be also uninstalled automatically if you are using WSUS if the client is using Windows Vista or Windows 7.

Q: Does it affect Kerio Connector for Blackberry?
A: Yes, this problem affects also Kerio Connector for Blackberry. The solution (or workaround) is the same as for Kerio Outlook Connector. Preferred solution is upgrade of Kerio Connector for Blackberry and Kerio Connect to version 7.3.1 patch 2.

Q: What Kerio Outlook Connector versions are affected?
A: Affected are all Kerio Outlook Connector versions on Windows XP, Windows Vista and Windows 7 with installed KB2585542 update.

Q: I don't use SSL. Do I need to install Kerio Connect 7.3.1 patch 2?
A: No. If you don't use SSL (HTTPS) for synchronization of Kerio Outlook Connector with Kerio Connect server then there is no requirement for installing the patch.

  • Attachment: 1.png
    (Size: 42.94KB, Downloaded 8666 times)
  • Attachment: 2.png
    (Size: 106.83KB, Downloaded 8737 times)
  • Attachment: 3.png
    (Size: 21.15KB, Downloaded 8328 times)
  • Attachment: 4.png
    (Size: 71.87KB, Downloaded 8955 times)
  • Attachment: 5.png
    (Size: 61.26KB, Downloaded 8470 times)
  • Attachment: 6.png
    (Size: 9.64KB, Downloaded 8267 times)
  • Attachment: 7.png
    (Size: 8.02KB, Downloaded 8525 times)
  •  
sappa

Messages: 32
Karma: 0
Send a private message to this user
7.3.1 patch 2. is relased and working thanx kerio

Kerio Connect
~1000 users

Kerio Control
~1000 users
  •  
ant108

Messages: 8
Karma: 0
Send a private message to this user
Unfortunately the update cannot be installed if Software Maintenance licence is expired, which is our case (our fault).

However, in Windows 7 we have failed to disable "compression" via both Control_panel>Users>Email. A shot is attached (sorry, it's in Russian and it says literally "Outlook cannot perform such operation") which immediatelly appeared after trying to "change" anything with KOC here.

http://forums.kerio.com/fa/2429/

Deletion of KOC and reinstalling it fails too. Complete reinstalation also failed.

Any suggestions?

UPD - Windows 7 Pro, Office 2010

  • Attachment: scrn1.png
    (Size: 25.29KB, Downloaded 674 times)

[Updated on: Thu, 12 January 2012 10:34]

Thunderbyte

Messages: 47
Karma: 1
Send a private message to this user
Getting Software Maintenance? A business critical product without updates is worthless.
Previous Topic: Sophos not updating (7.3.2)
Next Topic: Mailing List Posting / Denial
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Sat Oct 21 10:23:17 CEST 2017

Total time taken to generate the page: 0.00584 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.