Vendors address the Heartbleed bug
Posted on 11 April 2014.
Which products and services are affected by the Heartbleed bug in OpenSSL? Vendors have started issuing security advisories telling users which of their products are safe and which will have to be updates.

Cisco has shared that over a dozen of its products and 2 of its services vere found to be vulnerable.

The services - Cisco’s Registered Envelope Service and Webex Messenger Service - have already been patched, but the products, which include the company's IOS XE operating system, have yet to be fixed. And, the list might yet turn out to be incomplete, as the investigation is still ongoing.

"A subset of Juniper’s products were affected by the Heartbleed vulnerability including certain versions of our SSL VPN software, which presents the most critical concern for customers. We issued a patch for our SSL VPN product on Tuesday and are working around the clock to provide patched versions of code for our other affected products," Juniper Networks' spokesperson has revealed, and urged customers to contact Juniper’s Customer Support Center for detailed advisories and product updates.

Microsoft has assured users that most Microsoft’s offerings are not vulnerable, including all Windows operating systems and IIS versions.

"Customers running software on Windows that uses OpenSSL instead of SChannel [Window's own encryption component](for example, running the Windows version of Apache), may be vulnerable. We recommend that all customers who may be vulnerable follow the guidance from their software distribution provider," they added.

Many other vendors have issued advisories detailing temporary results of their investigation regarding the affect of the bug on their products. You can find most of them linked here (check out both the post and the comments) and here.

We can look forward to a lot of security patching in the coming weeks and months, and when it comes to Internet of Things devices, it's possible that even years will pass until the patches are released (if ever).





Spotlight

Free security software identifies cloud vulnerabilities

Posted on 21 October 2104.  |  Designed for IT and security professionals, the service gives a view of the data exchanged with partner and cloud applications beyond the network firewall. Completely passive, it runs on non-production systems, and does not require firewall changes.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Tue, Oct 21st
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //