Vulnerability Updates image

Vulnerability Updates

At Iatric Systems, we stay informed on vulnerabilities in software that could impact our customers and services.

Windows Vulnerability Update
Microsoft has announced a serious software vulnerability for any of their platforms utilizing SSL/TLS encryption technology.

This security update resolves a reported vulnerability in the Microsoft Secure Channel (Schannel) security package in Windows. The vulnerability could allow remote code execution if an attacker sends specially crafted packets to a Windows server.  

This security update is rated Critical for all supported releases of Microsoft Windows and addresses the vulnerability by correcting how Schannel sanitizes specially crafted packets. Iatric Systems internal servers have been patched.

For more information about this update, see Microsoft Knowledge Base Article 2992611: https://technet.microsoft.com/library/security/MS14-066.

If you have any questions or concerns about the application of this patch and its impact on Iatric Systems services in your enterprise, please reply to this email and your request will be expediently addressed by our technical staff.  

Iatric Systems Support Staff
[email protected]
978.539.0734

Heartbleed Vulnerability Update
You have likely already heard about the Heartbleed Vulnerability that affects many systems that use OpenSSL software to secure SSL/TLS internet traffic and websites. This bug affects any website or system that uses certain versions of OpenSSL. OpenSSL is a tool that is designed to secure internet transmissions via encryption. Because of this vulnerability, your “secure” transmissions may not have been so secure. This is potentially the worst vulnerability discovered in some time as the bug may have been present for approximately two years.

Iatric Systems has evaluated its external web facing systems used by customers and partners, and has determined that no Heartbleed vulnerability remains in effect for any system. Iatric Systems websites and services used by customers utilize technologies which are not vulnerable.

Iatric Systems products make use of encryption capabilities provided by the operating system or server vendor, and in some cases, the information system vendor. Most of these products make use of the same Secure Channel (Schannel) encryption components provided by the Microsoft family of operating systems and programming tools, and are not vulnerable to the Heartbleed bug.

After evaluation, we do not believe that any Iatric Systems products are vulnerable to the Heartbleed bug. Iatric Systems continues to evaluate solutions provided in conjunction with other vendors to determine if other endpoints of solution connections are vulnerable.

Additional Information
If you have additional support questions, please email [email protected], or call 978-539-0734.

More Features and News...