HeartBleed OpenSSL Vulnerability2017-06-10 15:18:16
To be blunt, all of our software has been affected by this bug. Our current distribution of software uses OpenSSL 1.01f which was the last version released prior to the fix of 1.01g.
What does this mean for you the customer?
- All Microsoft SERVERS are //immune// to this kind of attack.
- To our knowledge, all attacks using the SSL heartbeat bug are SERVER attacks which can read encrypted data as well as cryptographic keys.
- Our use of OpenSSL is as a CLIENT and as such has not exhibited a known compromise of information.
We believe our current released software does not pose a threat. If you have any concerns and your software maintenance is current, please contact firstname.lastname@example.org to receive a patched build.