AnyConnect, one of the most popular VPN clients for Cisco, seems to encounter problems with connectivity due to Microsoft’s KB 3023607. The problem is addressed and Microsoft is working on a patch.
Microsoft has been aiming to change the way in which TLS (Transport Layer Security) works as a cryptography protocol; however, the KB 3023607 has not performed that well. Cisco addressed the problems occurring with the connectivity and advised as to possible solutions quite promptly. According to Cisco: “KB 3023607 makes some AnyConnect clients give the “Failed to initialize connection subsystem” error. This issue was introduced by KB# 3023607: Secure Channel cumulative update changes TLS protocol renegotiation and fallback behavior. Included with Microsoft Security Bulletin MS15-009 — Critical Security Update for Internet Explorer (3034682). This issue should also affect Windows 7 user with IE11, but no reports of failure have been seen yet.”
AnyConnect VPN is among the most commonly used VPN clients, supporting all OS (meaning Windows, Mac OS X, Linux and Android with iOS). This has led users of the VPN to great distress, as they were not able to connect and enjoy their Internet connection. Peter Davis from Cisco has followed through with another post, reassuring everyone that the company is dealing with the issue and offering some guidelines.
Additionally, he urged everybody to submit a ticket and inform as to their experience on the matter: “Cisco opened a priority 1 case with Microsoft yesterday as soon as we found out about this issue. We are continuing to escalate this issue with Microsoft for a resolution timeframe. We recommend that all customers open their own cases with Microsoft since the ultimate fix will need to come from them. You can feel free to reference Cisco’s case # which is 115021112390273 in order to expedite having your ticket properly triaged by their support team.” He then continued on with the two solutions that can help out users who have been suffering from the same lack of connection: “There are two potential workarounds until Microsoft provides a fix:
- Windows 8 compatibility mode for the app
- Customers can uninstall the KB 3023607 update from Microsoft. However, this will also remove any other security fixes provided by Microsoft as part of the update. This can be removed under:
Control Panel / Programs / Programs and Features, click “View installed updates” on the left and locate and uninstall the update labeled with KB 3023607. This update is not visible when you try to locate it through the Windows Update application’s history, but it is accessible via Control Panel.”
Microsoft is working on the fix and this is a temporary solution, of course. If you wish to learn more about how Cisco has reacted and what they have made public so far regarding the inconvenience faced due to the KB 3023607, you can visit their Facebook page and check everything out. It is worth mentioning that tech companies are trying eagerly to find out ways to confront man-in-the-middle attacks and the efforts of Microsoft were kept in that direction. Microsoft has not commented on the incident as yet, unlike Cisco.
Update: Feb 17, 2015 – Microsoft posts fix for Poodle patch KB 3023607. Stay tuned!
Top/Featured Image: By Simon via Pixabay