Founder's blog

Latest Windows Server update breaks SSL in Chrome

Nov 21 2014 :: by Alex

TL:DR Microsoft patch KB2992611 for Windows Server breaks IIS-webserver's SSL for some Google Chrome visitors.
Workaround: uninstall the patch (not very secure) or temporary disable TLS 1.2 on the server until MS fixes this. UPDATE: or install the updated patch released yesterday! See the end of this post.

Couple of days ago after installing the latest updates on our Windows Server 2012 we started seeing reports from some of our users unable to connect to our support ticket system using SSL in Chrome (only in Chrome, which is odd). The users were getting ERR_CONNECTION_ABORTED, ERR_TIMED_OUT and other variations.

Which was really odd, since the server worked fine from our test locations, also the GeoPeeker service was showing that is everything is OK (fine tool by the way, if you want to quickly test your server from different locations).

But something was defintely wrong. Although we were unable to replicate the issue, we started seeing complaints at Google Chrome product forums, some discussions at social.technet.microsoft.com and found some blog posts from fellow administrators - all about the same thing: the KB2992611 patch has some major issues.

Possible workarounds can be found here.

UPDATE: Amazon is aware of the issue https://aws.amazon.com/security/security-bulletins/ms14-066-advisory/

UPDATE 2: Microsoft has released an update of the update yesterday here see the log section at the bottom. Be sure to download and install it ASAP.

'Latest Windows Server update breaks SSL in Chrome' was written by Alex by Alex. CEO, founder