Answering my own question:
It is NOT in today's FSL release, which just came out (see here). There was a separate SNS note minutes after the FSL content update. It said:
McAfee is aware of the Heartbleed Vulnerability (CVE-2014-0160). This is a vulnerability in OpenSSL that could allow an attacker to gain access to system memory (in 64K chunks) which potentially could contain sensitive information or communications.
McAfee is investigating affected products and will provide additional information via SNS today.
Well, the SNS notice was disappointing:
McAfee is identifying those products impacted by the vulnerable OpenSSL versions and updating them to a remediated OpenSSL version. A consolidated Security Bulletin will be published on the McAfee Knowledge Center (support.mcafee.com) and list all affected products. This document will be updated daily as new hotfixes and patches are posted for customer download.
An SNS Notice will be sent advising when the Security Bulletin is available, and additional SNS messages will be sent as updates occur.
Update to original notification sent Wed Apr 9 at approx. 10:15 am CDT
I've asked our VAR to open a ticket with McAfee on when MVM (Foundstone) will have a content update for the Heartbleed bug (CVE-2014-0160).
It was in the second FSL update released yesterday (RedHat entry used as example):
140438 - Red Hat Enterprise Linux RHSA-2014-0376 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Red Hat Enterprise Linux Patches and Hotfixes
Risk Level: Medium
The scan detected that the host is missing the following update: RHSA-2014-0376
Updates often remediate critical security problems that should be quickly addressed.
For more information see:
In MVM, Manage -> FASL Scripts, I reviewed the "OpenSSL TLS DTLS Heartbeat Extension Packets Information Disclosure" script, and in "View Script" I found some statements as follows:
FASL.vulnID = 16505;
FASL.attackType = ATTACK_NONINTRUSIVE;
FASL.os = OS_ANY;
FASL.protocol = PROTOCOL_TCP;
FASL.filters = [ 443, 465, 990, 993, 994, 995, 563, 636, 992, 3713, 5061, 6514, 10161, 10162 ];
Does "FASL.filters" mean this check will only check TCP ports in the group of "443, 465, 990, 993, 994, 995, 563, 636, 992, 3713, 5061, 6514, 10161, 10162"? Or will this check be based on the IPs specified in MVM, Settings -> Services -> TCP Scanning?