In order to comply with PCI standards, it is necessary to disable the insecure TLS protocol version 1.0 on our servers. However, if your PC is still running Windows 7/8 and you use applications like Outlook or Word that rely on WinHTTP (Windows HTTP Services), it’s important to note that these applications only support TLS v1.0. Easy fix 51044 is a solution to this concern which enables TLS 1.1 and 1.2 in a few clicks.
Name of the Easy fix 51044 file is MicrosoftEasyFix51044.msi. You can download MicrosoftEasyFix51044.msi to enable the advanced version TLS through Registry change. Note that you don’t need to do anything manually but simply run this file instead. In the following part, we will provide the registry changes that the MicrosoftEasyFix51044.msi makes.
Table of Contents
Easy fix 51044 Download for Windows to Enable TLS 1.1, 1.2
Here is easy fix 51044 Download for Windows to Enable TLS 1.1, 1.2:
Download Easy fix 51044 in Windows and run it
- Click any of the links – link1, link2.
- Once downloaded, double click on MicrosoftEasyFix51044.msi.
- Windows Installer will show “Preparing to install”; wait a while and check the option I agree.
- Click Next and follow the onscreen instructions.
- At last, restart the computer to work with TLS 1.1 and TLS 1.2.
Registry changes included in MicrosoftEasyFix51044.msi
Here are the registry modifications that Easy fix 51044 includes:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp]
“DefaultSecureProtocols”=dword:00000AA8
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp]
“DefaultSecureProtocols”=dword:00000AA8
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings]
“SecureProtocols”=dword:00000A80
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings]
“SecureProtocols”=dword:00000A80
The entries will enable all protocols for both x64 and x32. The changes also follow the recommendation to enable TLS 1.1 and 1.2 in IE however that is probably better handled by a Group policy.
Enable TLS 1.1 and 1.2 through a Window Update KB3140245
The task that MicrosoftEasyFix51044.msi performs, a Windows update KB3140245 can also execute. This update is an alternative to Easy fix 51044 to enable TLS 1.1 and 1.2 after installing from the Microsoft update catalog site or automatic mode.
Let’s see first what this update brings:
Applications and services that utilize WinHTTP for establishing Secure Sockets Layer (SSL) connections are unable to utilize the TLS 1.1 and TLS 1.2 protocols
KB3140245 introduces a new feature whereby system administrators can use the DefaultSecureProtocols registry entry to specify the SSL protocols that should be employed when employing the WINHTTP_OPTION_SECURE_PROTOCOLS flag. This provides administrators with greater control over determining which SSL protocols are utilized in their systems.
By leveraging the DefaultSecureProtocols registry entry, certain applications that were originally designed to use the WinHTTP default flag can now seamlessly utilize the more recent TLS 1.2 or TLS 1.1 protocols without requiring any updates to the application itself. This enhancement allows for native integration of the newer protocols, providing improved security and compatibility without the need for application-level modifications.
Certain Microsoft Office applications, when accessing documents from a SharePoint library or a Web Folder, as well as applications utilizing technologies like WebClient with WebDav, WinRM, IP-HTTPS tunnels for DirectAccess connectivity, and others, fall into this category. These applications can now benefit from the enhanced TLS 1.2 or TLS 1.1 protocols without requiring any modifications, providing improved security and functionality in these scenarios.
To ensure successful utilization of TLS 1.1 and TLS 1.2 by Office applications in Windows 7, this update mandates the configuration of the Secure Channel (Schannel) component. By default, these protocol versions are not enabled in Windows 7, so it is necessary to adjust the registry settings accordingly. This ensures that Office applications can seamlessly utilize TLS 1.1 and TLS 1.2 for enhanced security and compatibility.
Applications that manually configure secure protocols instead of relying on the default flag will not be affected by this update. The update will not alter the behavior of such applications, allowing them to continue operating with their existing secure protocol configuration.
How to download KB3140245 and install
Using Microsoft update catalog
- Go to the KB3140245 download link: Microsoft update catalog.
- Find the supported file for your computer and click on Download.
- Select the link located on the new popup page.
- Once computed, double-click on .msu file.
- Confirm the prompt and that’s all.
How to Download and Install Update from Microsoft update catalog on Windows 11/10
Methods:
Download Easy fix 51044 in Windows and run it
How to download KB3140245 and install
That’s all!!