Tuesday, April 22, 2014

VMware not Heartbleeding anymore

I bet by now you have heard about the Heartbleed vulnerability - CVE-2014-0160.

It’s a bug on OpenSSL cryptographic software library which could be exploited to steal information through it’s engine.
Hundreds of softwares and products around the world uses OpenSSL to encrypt and protect the information through the Internet.

Well, VMware is not an exception, several VMware’s products were affected by the bug, (if you are in doubt about what products were affected, this KB2076225 made a list of them) but VMware is also an exception when dealing with customers top priority, as security and risk of it’s assets, so as of April 20th ALL VMware products were remediated.

It’s up to you now, go out there and update your products and eliminate that risk out of your environment.

VMware also provided a Security Advisory (VMSA-2014-0004.6), which contains the links for the updated version of all products.

Here’s also a good video to learn how Heartbleed attack works

Don’t wait until tomorrow to secure your environment !!!

No comments:

Post a Comment

Who am I

My photo
I’m an IT specialist with over 15 years of experience, working from IT infrastructure to management products, troubleshooting and project management skills from medium to large environments. Nowadays I'm working for VMware as a Consulting Architect, helping customers to embrace the Cloud Era and make them successfully on their journey. Despite the fact I'm a VMware employee these postings reflect my own opinion and do not represents VMware's position, strategies or opinions. Reach me at @dumeirell

Most Viewed Posts

Blog Archive