What is Heartbleed?
The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. OpenSSL is an implementation of the SSL/TLS encryption protocol used to protect the privacy of Internet communications. OpenSSL is used by many web sites and other applications such as email, instant messaging, and VPNs.
Heartbleed can allow an attacker to read the memory of the systems using certain versions of OpenSSL, potentially allowing them to access user names, passwords, or even the secret security keys of the server. Obtaining these keys can allow malicious users to observe all communications on that system, allowing further exploitation.
Who is impacted by Heartbleed?
Given that this vulnerability has existed for at least two years, an organization that has deployed servers running OpenSSL versions 1.0.1 through 1.0.1f in that period is likely vulnerable to the Heartbleed Bug and should take immediate steps to remediate.
While there are some initial reports of attacks based on the Heartbleed vulnerability, these reports are preliminary, and it is very difficult to determine whether this attack has occurred in the past. Accordingly, even if an organization is not currently vulnerable, it may have been in the past, and it should therefore take immediate steps to remediate if it has deployed the vulnerable OpenSSL versions.
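A first-pass triage of the version range stated above (1.0.1 through 1.0.1f) can be scripted over collected version banners. The following is an added example, not Trend Micro code; the host names, the inventory format and the function names are assumptions made for illustration, and the sample banners are constructed.

```python
import re

# Matches the version token in a banner such as "OpenSSL 1.0.1e 11 Feb 2013".
_BANNER = re.compile(r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]*)", re.IGNORECASE)

# Constructed sample inventory (hypothetical hosts): "<host>\t<version banner>".
SAMPLE_INVENTORY = """\
mail-gw01\tOpenSSL 1.0.1e 11 Feb 2013
web01\tOpenSSL 1.0.1g 7 Apr 2014
legacy01\tOpenSSL 0.9.8y 5 Feb 2013
vpn01\tOpenSSL 1.0.1 14 Mar 2012
app01\tOpenSSL 1.0.1e-fips 11 Feb 2013
old02\tOpenSSL 1.0.0l 6 Jan 2014
misc01\tLibreSSL 2.0.0
"""

def classify(banner):
    """Return 'in-range', 'out-of-range' or 'unknown' for one banner.

    'in-range' means the reported version is 1.0.1 through 1.0.1f. It is a
    triage result only: a vendor package can carry a backported fix without
    changing the upstream version letter, so confirm against the vendor's
    advisory before treating a host as vulnerable or as fixed.
    """
    m = _BANNER.search(banner)
    if not m:
        return "unknown"  # not an OpenSSL banner, or malformed version
    branch = tuple(int(x) for x in m.group(1, 2, 3))
    letter = m.group(4).lower()
    if branch != (1, 0, 1):
        return "out-of-range"  # e.g. the 0.9.8 and 1.0.0 branches
    # Plain "1.0.1" and the single letters a..f fall inside the stated range.
    if letter == "" or (len(letter) == 1 and letter <= "f"):
        return "in-range"
    return "out-of-range"  # 1.0.1g and later letters

def triage(inventory):
    """Group host names by classification for a tab-separated inventory."""
    result = {"in-range": [], "out-of-range": [], "unknown": []}
    for line in inventory.splitlines():
        if not line.strip():
            continue
        host, _, banner = line.partition("\t")
        result[classify(banner)].append(host.strip())
    return result

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts listed as unknown need manual review rather than being assumed safe.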
Which products may be affected?
Trend Micro has identified that the InterScan Messaging Security Suite (IMSS) 7.5 Windows Web UI is affected by this issue (OpenSSL 1.0.1e).
You may also check the list of other Trend Micro products that may be affected here.
Please visit this site regularly, since the list is continuously updated with information and solutions as they become available.
Recommended action for IMSS 7.5 Windows
If you have issues or questions about obtaining the solutions, contact your authorized Trend Micro support representative for further assistance.