Ran the hotfix this morning on the production ePO server and everything looks fine. The readme file does mention other steps to do if you suspect that you were compromised by HeartBleed. How do you actually know whether you were compromised or not? It mentions regenerating the ePO agent client to server keys and changing the SQL password.
In our environment, I am not too sure if we need to do those extra steps like key regeneration. Our ePO server is not exposed to the Internet, port 443 is only allowed from clients inside our organisation. Also the SQL and Admin console (port 443) are only exposed to certain IP addresses. Are other people taking the extra steps of regenerating the agent keys and if so what are the dangers/risks of doing this? We are in a Non-AD environment and don't have the staff to fix systems that quit talking back to the ePO server after a key regeneration. Is just applying the hotfix good enough?
Just did my backups as per KB66616 on my development server with ePO 4.6.7 and ran ePOHF960279.exe. Seems fine so far.
Though you may have to do the agent key update, there is no harm. If someone had compromised your environment they could have sniffed your ePO server and acquired your private key.
The best hacks go unrecognized.
FYI EPO 4.6.7
Installed on test VM server and production, no problems.
Thanks
Hi
In the readme file you can check which ePO console version is vulnerable and how to check whether you are covered after applying the patch:
https://kc.mcafee.com/corporate/index?page=content&id=PD25159
regards
Claudio
The latest SNS states: "FIPS 140-2 installs of ePO are NOT vulnerable"
- what does that specific ePO variation use instead of OpenSSL?
- is this ePO variation available to the wider consumers internationally?
any insight would be appreciated.
ePO installed in FIPS mode uses OpenSSL v 0.9.8, which is not vulnerable.
For full FIPS details, please see KB75739.
(In my opinion FIPS mode is *not* a solution to this vulnerability - there are significant hurdles involved in getting a FIPS-mode installation, and the released hotfix would be the approach I would recommend.)
HTH -
Joe
EPOHF960279-2.zip | April 11, 2014 (* reposted April 15, 2014) |
What's wrong with the first version of the ePo hotfixes? All of them have been reposted on April 15th.
https://kc.mcafee.com/corporate/index?page=content&id=SB10071
Under certain circumstances the HF would install to the wrong directory, meaning that when you checked the version of ssleay32.dll as per the installation instructions, you would still see the vulnerable version.
Please see KB81713 for details.
HTH -
Joe
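An added example, not part of any post in this thread and not McAfee code: because the first hotfix could install to the wrong directory, listing every copy of ssleay32.dll under the install tree shows whether an old copy is still in place next to an updated one. The `$Root` parameter is an assumption (supply your own ePO installation directory); 1.0.1.7 is the file version quoted in the thread.

```powershell
param(
    # Assumption: directory tree to search, e.g. the ePO installation root.
    [Parameter(Mandatory = $true)]
    [string]$Root
)

# File version the thread reports for ssleay32.dll after the hotfix.
$fixed  = New-Object System.Version -ArgumentList 1, 0, 1, 7
# Start of the 1.0.1 branch; 0.9.8 (FIPS-mode installs, per the thread) sorts below it.
$branch = New-Object System.Version -ArgumentList 1, 0, 1, 0

Get-ChildItem -Path $Root -Recurse -Filter 'ssleay32.dll' -ErrorAction SilentlyContinue |
    Where-Object { -not $_.PSIsContainer } |
    ForEach-Object {
        # Build a comparable version from the numeric parts of the PE version
        # resource; the FileVersion string itself may not parse as a number.
        $info = [System.Diagnostics.FileVersionInfo]::GetVersionInfo($_.FullName)
        $ver  = New-Object System.Version -ArgumentList `
                    $info.FileMajorPart, $info.FileMinorPart,
                    $info.FileBuildPart, $info.FilePrivatePart

        $status = if ($ver -lt $branch) {
            'older branch (not 1.0.1)'
        } elseif ($ver -lt $fixed) {
            'BELOW hotfix version'
        } else {
            'at or above hotfix version'
        }

        New-Object PSObject -Property @{
            Path        = $_.FullName
            FileVersion = $ver
            Status      = $status
            Modified    = $_.LastWriteTime
        }
    } |
    Sort-Object FileVersion |
    Format-Table Path, FileVersion, Status, Modified -AutoSize -Wrap
```

More than one row in the output, with different versions, is the situation KB81713 is described as addressing: the hotfix landed somewhere other than the directory the running server loads from.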
I have an ePO server running ePO 4.6.7 and I installed the original hotfix EPOHF960279 just this morning and also verified the ssleay32.dll file version 1.0.1.7 as stated in the release notes.
Do I still need to re-install the new hotfix (EPOHF960279-2) released April 15th even though I have verified the file version and I never did any migration?
Can I just ignore this Hotfix EPOHF960279-2?
Thanks