
Sophos Endpoints and CVE-2014-0224

  We had an audit performed and it found that our Sophos 10.3.11 endpoints were vulnerable to the CVE-2014-0224 man in the middle attack on ecmnet (8194/tcp): http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224 and http://www.securityfocus.com/bid/67899. I think the scan was done using OpenVAS.

I need to show that we aren't really vulnerable and *WHY*.   Or if we are, what is the plan to fix it.   Can you guys help me out with this?  



  • Hi there,

    This isn't actually related to Sophos.

    However you can try a quick fix on a test machine.

    Open Internet Explorer>Internet Options>Advanced, scroll down to SSL, uncheck 1.0. and retest. If this works for you you can push the settings to all endpoints using Group Policy.

    [Screenshot attachment: Capture5.PNG]

    I haven't tested this so I'm not sure if this is the cause of the issue.

    Regards.

  • I believe that both the "server" and "client" need to be vulnerable? Is the server on RMS 4 and the client on RMS 3? In which case I think you are OK. One to check with Support, I suspect.

    Regards,

    Jak

  • My server is loading 5 instances of SSLEAY32.DLL in 3 different versions: 1.0.1.8, 1.0.1.10 and 0.9.8.12. All are being loaded by Sophos processes.

    Run Listdlls http://technet.microsoft.com/en-us/sysinternals/bb896656.aspx with this command:

    listdlls -d ssleay32.dll -v  

    CVE-2014-0224: 5th June 2014

    An attacker can force the use of weak keying material in OpenSSL SSL/TLS clients and servers. This can be exploited by a Man-in-the-middle (MITM) attack where the attacker can decrypt and modify traffic from the attacked client and server. (original advisory). Reported by KIKUCHI Masashi (Lepidum Co. Ltd.).

    Fixed in OpenSSL 1.0.1h (Affected 1.0.1g, 1.0.1f, 1.0.1e, 1.0.1d, 1.0.1c, 1.0.1b, 1.0.1a, 1.0.1)

    Fixed in OpenSSL 1.0.0m (Affected 1.0.0l, 1.0.0k, 1.0.0j, 1.0.0i, 1.0.0g, 1.0.0f, 1.0.0e, 1.0.0d, 1.0.0c, 1.0.0b, 1.0.0a, 1.0.0)

    Fixed in OpenSSL 0.9.8za (Affected 0.9.8y, 0.9.8x, 0.9.8w, 0.9.8v, 0.9.8u, 0.9.8t, 0.9.8s, 0.9.8r, 0.9.8q, 0.9.8p, 0.9.8o, 0.9.8n, 0.9.8m, 0.9.8l, 0.9.8k, 0.9.8j, 0.9.8i, 0.9.8h, 0.9.8g, 0.9.8f, 0.9.8e, 0.9.8d, 0.9.8c, 0.9.8b, 0.9.8a, 0.9.8)
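The last post describes the check that actually answers the original question: list every loaded ssleay32.dll with listdlls, then compare each file version against the fix levels in the OpenSSL advisory (1.0.1h, 1.0.0m, 0.9.8za). The Python below is an added example that does that comparison; it is not from the thread or from Sophos. The listdlls output it parses is a constructed sample with placeholder process names and paths, and the mapping of a Windows file version such as 1.0.1.8 to the release letter 1.0.1h (fourth component = patch-letter ordinal, with za counted as 27) is an assumption.

```python
"""Classify loaded ssleay32.dll versions against the CVE-2014-0224 fix levels."""
import re
from typing import Dict, List, Tuple

Branch = Tuple[int, int, int]

# Fix levels as quoted in the thread from the OpenSSL advisory of 5 June 2014.
FIXED_IN: Dict[Branch, str] = {
    (1, 0, 1): "h",   # fixed in 1.0.1h
    (1, 0, 0): "m",   # fixed in 1.0.0m
    (0, 9, 8): "za",  # fixed in 0.9.8za
}


def letter_index(suffix: str) -> int:
    """Ordinal of an OpenSSL patch-letter suffix: '' = 0, a = 1 ... z = 26, za = 27, zb = 28.
    Assumption: the z-prefixed releases (za, zb, ...) continue counting after z."""
    if suffix == "":
        return 0
    if len(suffix) == 1 and suffix.isalpha():
        return ord(suffix) - ord("a") + 1
    if len(suffix) == 2 and suffix[0] == "z" and suffix[1].isalpha():
        return 26 + ord(suffix[1]) - ord("a") + 1
    raise ValueError(f"unrecognised OpenSSL patch suffix: {suffix!r}")


def parse_version(text: str) -> Tuple[Branch, int]:
    """Accept a release string ('1.0.1h') or a four-part Windows file version
    ('1.0.1.8', as listdlls -v prints it) and return (branch, patch ordinal).
    Assumption: the fourth file-version component is the patch-letter ordinal,
    i.e. 1.0.1.8 is the 1.0.1h build."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)\.(\d+)", text.strip())
    if m:
        return (int(m[1]), int(m[2]), int(m[3])), int(m[4])
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)([a-z]{0,2})", text.strip())
    if m:
        return (int(m[1]), int(m[2]), int(m[3])), letter_index(m[4])
    raise ValueError(f"unrecognised OpenSSL version: {text!r}")


def classify(text: str) -> str:
    """'fixed' if at or above the branch's fix level, 'vulnerable' if below,
    'unknown-branch' if the advisory lists no fix level for that branch."""
    branch, patch = parse_version(text)
    fixed_at = FIXED_IN.get(branch)
    if fixed_at is None:
        return "unknown-branch"
    return "fixed" if patch >= letter_index(fixed_at) else "vulnerable"


# Constructed sample in the shape of `listdlls -d ssleay32.dll -v` output
# (process header, then indented module lines). Placeholder names and paths;
# the three file versions are the ones reported in the thread.
SAMPLE_LISTDLLS = """\
example-process-1.exe pid: 1234
Command line: "C:\\Example\\App1\\example-process-1.exe"

  Base        Size      Path
  0x10000000  0x1e8000  C:\\Example\\App1\\ssleay32.dll
        File version:   1.0.1.8

example-process-2.exe pid: 2345
Command line: "C:\\Example\\App2\\example-process-2.exe"

  Base        Size      Path
  0x10000000  0x1f0000  C:\\Example\\App2\\ssleay32.dll
        File version:   1.0.1.10

example-process-3.exe pid: 3456
Command line: "C:\\Example\\App3\\example-process-3.exe"

  Base        Size      Path
  0x10000000  0x1c0000  C:\\Example\\App3\\ssleay32.dll
        File version:   0.9.8.12
"""

PROCESS_RE = re.compile(r"^(\S+\.exe) pid: (\d+)\s*$", re.IGNORECASE)
PATH_RE = re.compile(r"^\s+0x[0-9a-f]+\s+0x[0-9a-f]+\s+(.+)$", re.IGNORECASE)
FILEVER_RE = re.compile(r"^\s+File version:\s+(\S+)\s*$")


def audit(listdlls_output: str) -> List[dict]:
    """Walk listdlls-style output and classify every ssleay32.dll it reports,
    keeping the owning process so each finding can be tied to a service role."""
    findings: List[dict] = []
    process, path = None, None
    for line in listdlls_output.splitlines():
        if m := PROCESS_RE.match(line):
            process, path = m[1], None
        elif m := PATH_RE.match(line):
            path = m[1].strip()
        elif (m := FILEVER_RE.match(line)) and path and path.lower().endswith("ssleay32.dll"):
            findings.append({"process": process, "path": path,
                             "version": m[1], "status": classify(m[1])})
            path = None
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_LISTDLLS):
        print(f"{f['status']:<12} {f['version']:<10} {f['process']}  {f['path']}")
```

Run against the sample, the two 1.0.1.x builds come out as fixed and the 0.9.8.12 build (0.9.8l under the assumed mapping) as vulnerable. Because each finding carries its owning process, the output also gives you what the earlier reply asks for: which component (management server side or endpoint side) is still on an affected build, since the attack needs an affected OpenSSL on both ends of the connection. Feed it real `listdlls -d ssleay32.dll -v` output, and treat an `unknown-branch` result as something to look up rather than as safe.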