HeartBleed OpenSSL Vulnerability
2017-06-10 15:18:16All of us here at Directory Wizards were stunned by the OpenSSL bug dubbed HeartBleed. More information on this can be found at Schneier on Security and Wikipedia.
To be blunt, all of our software has been affected by this bug. Our current distribution of software uses OpenSSL 1.01f which was the last version released prior to the fix of 1.01g.
What does this mean for you the customer?
- All Microsoft SERVERS are //immune// to this kind of attack.
- To our knowledge, all attacks using the SSL heartbeat bug are SERVER attacks which can read encrypted data as well as cryptographic keys.
- Our use of OpenSSL is as a CLIENT and as such has not exhibited a known compromise of information.
We believe our current released software does not pose a threat. If you have any concerns and your software maintenance is current, please contact support@dirwiz.com to receive a patched build.