As some of you may know, there were quite some talks lately about RC4 ciphers being insecure and this presents a significant challenge to service providers like XMedius. Windows XP rely only on RC4 ciphers to encrypt communications and is vulnerable to RC4 attacks.
Subsequent versions of Windows use more secure ciphers by default, but still support RC4. This brings us to the core of the issue: as long as XMedius supports RC4 ciphers, there is a risk that MITMA (man in the middle attack) can be performed to disrupt the encrypted communication between XMedius and its customers and force a fallback to a weak RC4 cipher.
While Windows XP extended support has expired more than a year ago, Windows XP is still being used on about 17% of desktops in the world. As such, disabling RC4 cipher support is a disruptive decision, but we feel it necessary for the security of all our customers.
Today, we are announcing that we will discontinue the support for RC4 cipher in 1 year, on April 10th 2016. Our existing customers still using Windows XP have one year to complete the migration to a newer version of Windows OS.
The XMediusCLOUD Security Team