I am trying to get from the MS Support site the Easy Fix that modifies the registry in a correct way. The name is 'MicrosoftEasyFix51044.msi' but there is no link at the mentioned page. Why and where can I get the easy fix now?
If you are still facing the issue, install the Windows update KB3140245, either through Windows Update, where it is available as an Optional Update, or download it from the Microsoft Update Catalog (www.catalog.update.microsoft.com).
The file is available for download in the section labeled Easy To Fix on the above-mentioned page. Suppose the easy fix option is not suitable for you, and you prefer to manually edit your computer's registry. In that case, the article also provides that information in the section "How the DefaultSecureProtocols registry entry works."
As you might already know, TLS version 1.0 is not safe anymore and should be disabled, just like SSL 2.0 and SSL 3.0: if you want to know why, you can either read this post, which summarizes pretty much all you have to know, or recover some info regarding the three biggest attacks that managed to exploit the various TLS 1.0 vulnerabilities discovered between 2011 and 2014: BEAST, Heartbleed and POODLE.
Anyway, if you have a recent version of Windows - such as Windows 10 - you won't be affected by this issue, provided you always install the OS updates through the official channels. Conversely, if you're still using Windows 7 or Windows 8, you might have to perform some manual tasks in order to get rid of that outdated TLS version: on these systems, all applications built on WinHTTP (Windows HTTP Services) such as MS Outlook, MS Word, and the like will use TLS 1.0, which is the default encryption standard for these OSes. As a result, if you attempt to establish a secure connection from your Outlook client to a "TLS secured" server, there is a high chance that MS Outlook will display one of the following error messages:
The server does not support the specified connection encryption type.
Your server does not support the connection encryption type you have specified.
Luckily enough, this can be fixed by telling your OS to never use TLS 1.0 anymore, and stick with TLS 1.1 and 1.2 by default. Here's a small guide explaining how you can do that.
The first thing to do is to download and install the Windows update KB3140245: you can do that using Windows Update, since it's available as an optional update, or manually download it from the following official website: =kb3140245
This will equip your OS with TLS versions 1.1 and 1.2.
The next step is to patch your Windows Registry, so that your OS will actually use the new TLS protocol versions (1.2, and 1.1 as a fallback) instead of the outdated and vulnerable 1.0 one. This can be done either automatically (with an official Microsoft-released patch file) or by manually editing the registry using regedit or our own TLS12fix.reg file.
Microsoft Patch File
The Microsoft patch file is called MicrosoftEasyFix51044.msi and can be downloaded from this url: -us/help/3140245/update-to-enable-tls-1-1-and-tls-1-2-as-default-secure-protocols-in-wi#easy
If you're doing this to face a common MS Outlook scenario, downloading and executing this file is all that you need to fix your issue.
Manual update
If you're an experienced user this probably is the recommended approach, since it allows you to choose which protocols to enable.
#1. Setting the default TLS protocols
The first thing to do is to create a new DWORD value called DefaultSecureProtocols in the following sections of your registry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp
The HEX value to set depends on which protocol(s) you would like to enable by default:
To enable TLS 1.0, TLS 1.1 and TLS 1.2, set the value to 0xA80 (not recommended - that's what you want to avoid).
To enable TLS 1.1 and TLS 1.2 only, thus disabling TLS 1.0, set the value to 0xA00. This is the recommended approach as of today (might change in the future if TLS 1.1 becomes outdated as well).
To enable TLS 1.1 only, set the value to 0x200.
To enable TLS 1.2 only, set the value to 0x800.
If you want to know more about these settings, take a look at this official Microsoft page, which explains everything and also adds some valuable info about the whole topic.
#2. Enable TLS 1.1 and 1.2 at the SChannel component level
The second thing to do, as explained in this TechNet article, is to create another DWORD value called DisabledByDefault in the following sections of your registry:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client
And set a value of 0 (zero).
Registry Patch File(s)
If you don't want to manually edit your Windows Registry using regedit, you can download and use these registry patch files which we made, that will automatically set all the above registry keys with a single click.
Download Registry Patch File to enable TLS 1.1 and TLS 1.2 (recommended as of 2019.10)
Download Registry Patch File to enable TLS 1.1 only
Download Registry Patch File to enable TLS 1.2 only
That's it, at least for now: I sincerely hope that this post will be useful for those system administrators, power users and enthusiasts who want (or need) to patch their system to get rid of TLS 1.0 and fix this security vulnerability for good.
To enable TLS 1.2 for Windows 7, you will need to patch your system to modify the registry. Be sure your system is fully updated through the update center, then download and install the patch from Microsoft's website.
About this update
Applications and services that are written by using WinHTTP for Secure Sockets Layer (SSL) connections that use the WINHTTP_OPTION_SECURE_PROTOCOLS flag can't use TLS 1.1 or TLS 1.2 protocols. This is because the definition of this flag doesn't include these applications and services.
This update adds support for DefaultSecureProtocols registry entry that allows the system administrator to specify which SSL protocols should be used when the WINHTTP_OPTION_SECURE_PROTOCOLS flag is used.
This can allow certain applications that were built to use the WinHTTP default flag to be able to leverage the newer TLS 1.2 or TLS 1.1 protocols natively without any need for updates to the application.
This is the case for some Microsoft Office applications when they open documents from a SharePoint library or a Web Folder, IP-HTTPS tunnels for DirectAccess connectivity, and other applications by using technologies such as WebClient by using WebDav, WinRM, and others.
This update requires that the Secure Channel (Schannel) component in Windows 7 be configured to support TLS 1.1 and 1.2. As these protocol versions are not enabled by default in Windows 7, you must configure the registry settings to ensure Office applications can successfully use TLS 1.1 and 1.2.
This update will not change the behavior of applications that are manually setting the secure protocols instead of passing the default flag.
Method 1: Windows Update
1. Click Start, type update in the search box, and in the list of results, click Windows Update.
2. In the details pane, click Check for updates and then wait while Windows looks for the latest updates for your computer.
3. If you see a message telling you that important or optional updates are available, or telling you to review important or optional updates, click the message to view the updates to install.
4. In the list, select the check box for the updates that you want to install, click OK, and then click Install updates.
Prerequisites
To apply this update, you must install Service Pack 1 for Windows 7. You can refer to the below KB for the same.
-us/topic/information-about-service-pack-1-for-windows-7-and-for-windows-server-2008-r2-df044624-55b8-3a97-de80-5d99cb689063
Registry information
To apply this update, the DefaultSecureProtocols registry subkey must be added.
Note: To do this, you can add the registry subkey manually or install the "Easy fix" to populate the registry subkey.
How to add the registry subkey manually
Important: This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. You can refer to the below KB for the same.
-us/topic/how-to-back-up-and-restore-the-registry-in-windows-855140ad-e318-2a13-2829-d428a2ab0692
When an application specifies WINHTTP_OPTION_SECURE_PROTOCOLS, the system checks for the DefaultSecureProtocols registry entry and, if it is present, overrides the default protocols specified by WINHTTP_OPTION_SECURE_PROTOCOLS with the protocols specified in the registry entry. If the registry entry is not present, WinHTTP uses the existing operating system defaults for WINHTTP_OPTION_SECURE_PROTOCOLS. These WinHTTP defaults follow the existing precedence rules and are overruled by SCHANNEL disabled protocols and protocols set per application by WinHttpSetOption.
The DefaultSecureProtocols registry entry can be added in the following path:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp
On x64-based computers, DefaultSecureProtocols must also be added to the Wow6432Node path:
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp
The registry value is a DWORD bitmap. The value to use is determined by adding the values corresponding to the protocols desired.
For example:
The administrator wants to override the default values for WINHTTP_OPTION_SECURE_PROTOCOLS to specify TLS 1.1 and TLS 1.2.
Take the value for TLS 1.1 (0x00000200) and the value for TLS 1.2 (0x00000800), then add them together in calculator (in programmer mode), and the resulting registry value would be 0x00000A00.
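The bitmap arithmetic above can be checked on a live machine by decoding the DefaultSecureProtocols value in both registry views. The script below is an added example, not part of the Microsoft article; the function names are hypothetical, the SSL 2.0/3.0 bit values come from the WINHTTP_FLAG_SECURE_PROTOCOL_* constants in winhttp.h rather than from this page, and the script sticks to PowerShell 2.0 syntax, the version Windows 7 ships with.

```powershell
# Added example. TLS bit values are the ones given on this page; the SSL 2.0/3.0
# bits are the WINHTTP_FLAG_SECURE_PROTOCOL_* constants from winhttp.h.
$ProtocolBits = @{
    'SSL 2.0' = 0x00000008
    'SSL 3.0' = 0x00000020
    'TLS 1.0' = 0x00000080
    'TLS 1.1' = 0x00000200
    'TLS 1.2' = 0x00000800
}
$Legacy = 'SSL 2.0', 'SSL 3.0', 'TLS 1.0'   # protocols that should not remain enabled

function ConvertFrom-SecureProtocolBitmap {
    param([long]$Value)
    # Test each known bit of the DWORD bitmap, lowest protocol first.
    $enabled = @($ProtocolBits.GetEnumerator() | Sort-Object Value |
        Where-Object { $Value -band $_.Value } | ForEach-Object { $_.Key })
    New-Object PSObject -Property @{
        Hex       = '0x{0:X8}' -f $Value
        Protocols = $enabled -join ', '
        Legacy    = @($enabled | Where-Object { $Legacy -contains $_ }) -join ', '
    }
}

function Get-WinHttpDefaultSecureProtocols {
    $paths = @('HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp')
    # The Wow6432Node view exists only on x64 Windows, where 32-bit callers read it.
    if (Test-Path 'HKLM:\SOFTWARE\Wow6432Node') {
        $paths += 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp'
    }
    foreach ($path in $paths) {
        $entry = Get-ItemProperty -Path $path -Name DefaultSecureProtocols -ErrorAction SilentlyContinue
        if ($null -eq $entry) {
            # Entry missing: WinHTTP falls back to the operating system defaults.
            $result = New-Object PSObject -Property @{ Hex = '(absent)'; Protocols = 'OS default'; Legacy = '' }
        } else {
            $result = ConvertFrom-SecureProtocolBitmap $entry.DefaultSecureProtocols
        }
        $result | Add-Member -MemberType NoteProperty -Name Path -Value $path -PassThru
    }
}

# Decode the worked value from the page (TLS 1.1 + TLS 1.2), then audit this machine.
ConvertFrom-SecureProtocolBitmap (0x200 -bor 0x800) | Format-List Hex, Protocols, Legacy
Get-WinHttpDefaultSecureProtocols | Format-List Path, Hex, Protocols, Legacy
```

A non-empty Legacy field, or a mismatch between the two paths on an x64 machine, means 32-bit and 64-bit WinHTTP applications will not negotiate the same protocol set.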
Easy fix
Use the below link for downloading EasyFix.
-6D2E-474F-BC2C-D69E5B9E9A68/MicrosoftEasyFix51044.msi
After downloading, Run or Open, and then follow the steps in the easy fix wizard.
Enable TLS 1.1 and 1.2 on Windows 7
For TLS 1.1 and 1.2 to be enabled and negotiated on Windows 7, you MUST create the "DisabledByDefault" entry in the appropriate subkey (Client) and set it to "0". These subkeys will not be created in the registry since these protocols are disabled by default.
Create the necessary subkeys for TLS 1.1 and 1.2, then create the DisabledByDefault DWORD values and set them to 0 in the following locations:
For TLS 1.1
Registry location: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client
DWORD name: DisabledByDefault
DWORD value: 0
For TLS 1.2
Registry location: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client
DWORD name: DisabledByDefault
DWORD value: 0
You may have to restart the computer after you apply this update.
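The manual steps above (DefaultSecureProtocols in the WinHttp paths, DisabledByDefault under the SCHANNEL Client subkeys) can be applied in one idempotent pass. This is an added example, not Microsoft's Easy fix and not the registry files mentioned earlier on the page; the function name is hypothetical, and it assumes an elevated PowerShell session with KB3140245 already installed.

```powershell
# Added example: apply the registry settings described on this page.
function Enable-Tls11And12Client {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param([int]$DefaultSecureProtocols = 0xA00)   # TLS 1.1 + TLS 1.2, as computed on the page

    $schannel = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
    $winHttp  = @('HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp')
    if (Test-Path 'HKLM:\SOFTWARE\Wow6432Node') {
        # x64 only: the second path the page requires for 32-bit applications.
        $winHttp += 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp'
    }

    # Desired state as (key path, value name, DWORD data) triples.
    $desired = @()
    foreach ($proto in 'TLS 1.1', 'TLS 1.2') {
        $desired += ,@("$schannel\$proto\Client", 'DisabledByDefault', 0)
    }
    foreach ($path in $winHttp) {
        $desired += ,@($path, 'DefaultSecureProtocols', $DefaultSecureProtocols)
    }

    foreach ($item in $desired) {
        $path, $name, $data = $item
        $current = (Get-ItemProperty -Path $path -Name $name -ErrorAction SilentlyContinue).$name
        if ($current -eq $data) { continue }      # already set; an absent value is $null and falls through
        if ($PSCmdlet.ShouldProcess("$path\$name", ('set DWORD to 0x{0:X}' -f $data))) {
            # The SCHANNEL protocol subkeys do not exist by default, so create them first.
            if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
            New-ItemProperty -Path $path -Name $name -Value $data -PropertyType DWord -Force | Out-Null
        }
    }
}
```

Running Enable-Tls11And12Client -WhatIf first lists the values that would change without writing anything; back up the registry before the real run, as the article advises.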