Skip to main content

How to Fix POODLE on Windows Server 2012

(Update) We’ve released some great new content over the past few years, visit Cloud Academy’s Training Library for the latest training material.


In a recent post, we discussed what the POODLE Scans Attack is and how to disable it in Amazon AWS ELB and Cloud Front Services. In this article, we will see how to fix the POODLE on Windows Server 2012 R2. The POODLE Scans Attack is a specific vulnerability of SSLV3.0, so to mitigate this attack we need to disable SSLV3.0 completely.

In Windows Server 2012 R2 the SSL/TLS protocols are controlled by flags in the registry settings. So to disable the SSLV3 we need to edit the registry settings. We need to have Administrator privileges to perform this activity.

Before performing the disabling of POODLE Scan Attack on any device, we need to verify whether hosted domain/host is Vulnerable with respect to POODLE or not.
Vulnerable Domain                                                                           Non vulnerable domai)
SSLv3_POODLE_0SSLv3_POODLE_last
If your domain/URL is shown as vulnerable, the following steps will disable SSL3 and fix the vulnerability:

How to fix POODLE on Windows Server 2012 R2

  1. Login to Windows Server 2012 R2 and open the Registry Editor running it as administrator:
    On the Start screen type regedit.exe.
    Right-click on regedit.exe and click Run as administrator.
  2. In the Registry Editor window, go to: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\
    SSLv3_POODLE_1
  3. In the navigation tree, right-click on Protocols, and in the pop-up menu, click New > Key and name the key as SSL 3.0SSLv3_POODLE_2
  4. In the navigation tree, right-click on the new SSL 3.0 key that we have created in the above step, and in the pop-up menu, click New > Key and name the key as ClientSSLv3_POODLE_3
  5. In the navigation tree, right-click again on the SSL 3.0 and in the pop-up menu, click New > Key and name the key as Server
  6. In the navigation tree, under SSL 3.0, right-click on Client, and in the pop-up menu, click New > DWORD (32-bit) Value
    and name the value DisabledByDefaultSSLv3_POODLE_5
  7. In the navigation tree, under SSL 3.0, select Client and then, in the right pane, double-click the DisabledByDefault DWORD value. In the Edit DWORD (32-bit) Value window, in the Value Data box change the value to 1 and then, click OK.SSLv3_POODLE_6
  8. In the navigation tree, under SSL 3.0, right-click on Server, and in the pop-up menu, click New > DWORD (32-bit) Value and name the value Enabled.
  9. In the navigation tree, under SSL 3.0, select Server and then, in the right pane, double-click the Enabled DWORD value. In the Edit DWORD (32-bit) Value window, in the Value Data box leave the value at 0 and then, click OK.SSLv3_POODLE_8
  10.  Restart the Windows Server to apply these changes permanently.

After the restart, verify whether your changes have applied successfully by checking your domain again on POODLE Scan Test, and you are done!

Avatar

Written by

Praveen Kumar Muppala

I have strong experience on Multiple Unix/Linux flavours, LAMP Stack, Monitoring Systems, Database, NoSQL. I love to explore the new concepts/services in Cloud Computing World. I have written 4 certifications in different flavours of Linux/Unix.

Related Posts

Avatar
Adam Hawkins
— April 16, 2019

The Convergence of DevOps

IT has changed over the past 10 years with the adoption of cloud computing, continuous delivery, and significantly better telemetry tools. These technologies have spawned an entirely new container ecosystem, demonstrated the importance of strong security practices, and have been a catal...

Read more
  • DevOps
  • Security
Avatar
Adam Hawkins
— March 21, 2019

How DevOps Increases System Security

The perception of DevOps and its role in the IT industry has changed over the last five years due to research, adoption, and experimentation. Accelerate: The Science of Lean Software and DevOps by Gene Kim, Jez Humble, and Nicole Forsgren makes data-backed predictions about how DevOps p...

Read more
  • DevOps
  • Security
Avatar
Stuart Scott
— November 29, 2018

New Security & Compliance Service: AWS Security Hub

This morning’s Andy Jassy keynote was followed by the announcement of over 20 new services across a spectrum of AWS categories, including those in Security and Compliance, Database, Machine Learning, and Storage.  One service that jumped out to me was the AWS Security Hub, currently...

Read more
  • AWS
  • re:Invent 2018
  • Security
Alex Brower
Alex Brower
— October 17, 2018

Interview: Q&A with John Visneski

Security is a top priority for organizations of all types, with research firm IDC projecting 10% spending growth to $91 billion dollars in 2018. For leadership, security is important considering the cost, regulation, and reputation at stake when breaches occur. According to a joint ...

Read more
  • Security
John Visneski
John Visneski
— October 2, 2018

Building Security Teams in a Competitive Talent Market: These Are The Droids You’re Looking for

John Visneski is the Head of Security and DPO at The Pokemon Company International. If you missed the webinar we organized in collaboration with John Visneski you can still watch it on demand, simply click here. The reasoning behind the popularity of this perspective is clear, if no...

Read more
  • Security
Albert Qian
Albert Qian
— September 25, 2018

Microsoft Ignites Cloud Industry With Nadella Keynote

On Monday, Microsoft kicked off its Ignite conference, an annual gathering of developers and IT professionals. Over the next week, attendees will learn about upcoming Microsoft innovations in IoT, artificial intelligence, machine learning, and cloud (all while getting some good networki...

Read more
  • Events
  • IoT
  • Machine Learning
  • Security
Avatar
Cloud Academy Team
— August 29, 2018

4 Reasons You Need to Include Business Stakeholders in Cloud Training

Digital transformation is changing how organizations in every industry approach their business strategy, serving as the foundation of their technology initiatives. Chief among this includes cloud adoption, which is not just a path to IT savings, but also increasingly where companies are...

Read more
  • Cloud Adoption
  • Security
Aaron McKeown
Aaron McKeown
— August 1, 2018

Build a Security Culture Within Your Organization

At this year’s AWS Summit Sydney, I was invited to speak about security culture and share a few practical examples of how organizations can build a positive security culture through increased visibility and enablement at all levels. But, what is a positive security culture?At Xero, we...

Read more
  • Security
Albert Qian
Albert Qian
— June 19, 2018

Preparing for the Microsoft Azure 70-535 Exam

(Update) The Azure 70-535 exam was retired on December 31, 2018, and it was replaced by the AZ-300 and AZ-301 exams. To prepare for these exams, we recommend the Cloud Academy's AZ-300 Exam Preparation: Technologies for Microsoft Azure Architects and the AZ-301 Exam Preparation: Designi...

Read more
  • Azure
  • Compute
  • Database
  • Security
Avatar
Stuart Scott
— May 17, 2018

4 Best Practices to Get Your Cloud Deployments GDPR Ready

With GDPR coming into force later this month, security and compliance will be the top-most priority for any cloud deployment that contains personal data of EU citizens.While leading providers have moved to make their platforms and services compliant, ensuring compliance requires more ...

Read more
  • GDPR
  • Security
Avatar
Cloud Academy Team
— May 7, 2018

AWS Summit London 2018: Our Top Picks

Cloud Academy is proud to be a sponsor of AWS Summit London coming up May 9-10 at the ICC, ExCeL, London.Join us in booth S24, Level 1 where our AWS experts will be on hand to answer your questions and walk you through our latest content and newest platform features.Ask us about y...

Read more
  • AWS Summits
  • GDPR
  • Security
Avatar
George Gerchow
— March 26, 2018

GDPR Compliance: Low Cost, Zero-Friction Action Items

George Gerchow is Chief Security Officer at Sumo Logic and Adjunct Honorary Lecturer at Cloud Academy. View the on-demand recording of our recent webinar, Establishing a Privacy Program: GDPR Compliance & Beyond with Mr. Gerchow and Jen Brown, Data Protection Officer at Sumo Logic....

Read more
  • GDPR
  • Security