VMHOSTS NEWS

New OpenSSL vulnerabilities – released 01/11/2022

You may have heard of the recently released (1/11/2022) OpenSSL vulnerabilities, which are getting a lot of attention. The media coverage and hype around the release are reminiscent of the Log4j issue. Tension built in the run-up to the release as IT admins worried about its impact and how much danger the systems they manage were in.

OpenSSL is the security layer used by a vast amount of software, including websites and some desktop software, to provide the encryption the modern world relies on. It is what gives most websites the padlock in the address bar, so the potential impact of this release was incredibly high.

However, now that the details have been released, the panic is much reduced.

Firstly, the number of vulnerable versions in the wild is relatively low. The vulnerabilities affect a narrow range of OpenSSL, only versions 3.0.0 to 3.0.6, so the range of servers and applications affected is much smaller than initially anticipated. Secondly, the way the vulnerability works makes exploitation convoluted, and a successful attack would indicate other serious problems already in existence.

“Exploiting this vulnerability requires quite a bit of setup and a number of factors to fall into place before it could be leveraged. Organizations should perform analysis to see if they are impacted, although there are relatively limited affected systems, as the attack primarily impacts the client-side, not the server,” commented Victor Wieczorek, VP of App Sec, Threat & Attack Simulation at GuidePoint Security.
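A version-range check for the impact analysis recommended above, added here as an example and not VMhosts' own tooling: it classifies `openssl version` banners against the 3.0.0 to 3.0.6 range this article states. The function names, status labels and sample inventory are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Affected range as stated in the article: OpenSSL 3.0.0 to 3.0.6 inclusive.
AFFECTED_MIN, AFFECTED_MAX = (3, 0, 0), (3, 0, 6)

# "OpenSSL <maj>.<min>.<patch>[letter][-prerelease]" as printed by `openssl version`.
# LibreSSL and BoringSSL banners deliberately do not match.
_BANNER = re.compile(
    r"\bOpenSSL\s+(\d+)\.(\d+)\.(\d+)[a-z]*(-(?:alpha|beta|dev|pre)\w*)?")

def classify(banner):
    """Map one version banner to a triage status."""
    m = _BANNER.search(banner)
    if m is None:
        return "unknown"            # not OpenSSL, or unparseable: check by hand
    if m[4]:
        return "review"             # pre-release build: the stated range covers releases
    version = (int(m[1]), int(m[2]), int(m[3]))
    if AFFECTED_MIN <= version <= AFFECTED_MAX:
        # Version match only. Distributions often backport fixes without
        # changing this string, so confirm against the vendor's package advisory.
        return "in-affected-range"
    return "outside-range"

def triage(inventory):
    """Group host names by status for a {host: banner} inventory."""
    groups = defaultdict(list)
    for host, banner in sorted(inventory.items()):
        groups[classify(banner)].append(host)
    return dict(groups)

# Constructed sample inventory (host names and banners are made up for illustration).
SAMPLE_INVENTORY = {
    "web01": "OpenSSL 3.0.2 15 Mar 2022 (Library: OpenSSL 3.0.2 15 Mar 2022)",
    "web02": "OpenSSL 1.1.1k  FIPS 25 Mar 2021",
    "app01": "OpenSSL 3.0.7 1 Nov 2022",
    "app02": "OpenSSL 3.0.0-beta2 29 Jul 2021",
    "old01": "OpenSSL 1.0.2k-fips  26 Jan 2017",
    "bsd01": "LibreSSL 3.5.3",
}

if __name__ == "__main__":
    import ssl
    # The library this Python interpreter is linked against, then the sample hosts.
    print("this interpreter:", ssl.OPENSSL_VERSION, "->", classify(ssl.OPENSSL_VERSION))
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status:18} {', '.join(hosts)}")
```

Applications that bundle or statically link their own OpenSSL copy do not show up in the system `openssl version` output and need to be inventoried separately.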

VMhosts will be monitoring the situation for our customers and patching software as appropriate. If you need any help or support with this issue or any other issues, please reach out to us on 012223 919254.
