Heartbleed Bug is a serious vulnerability in the popular OpenSSL. This weakness allows stealing the information protected, under normal condition by the SSL / TLS encryption used to secure the internet. For more info, please click here.
Next question:Vmware Platform
“Does your virtualization infrastructure vulnerable on HeartBleed Bug ? “
This is what I have found out during searching to check if my infrastructure is affected.
Yes. Vmware has confirmed the following products are affected:-
- ESXi 5.5
- NSX-MH 4.x
- NSX-V 6.0.x
- NVP 3.x
- vCenter Server 5.5
- vFabric Web Server 5.0.x – 5.3.x
- VMware Fusion 6.0.x
- VMware Horizon Mirage Edge Gateway 4.4.x
- VMware Horizon View 5.2 Feature Pack 2
- VMware Horizon View 5.3 Feature Pack 1
- VMware Horizon View Client for Android 2.1.x, 2.2.x, 2.3.x
- VMware Horizon View Client for iOS 2.1.x, 2.2.x, 2.3.x
- VMware Horizon View Client for Windows 2.3.x
- VMware Horizon Workspace 1.0
- VMware Horizon Workspace 1.5
- VMware Horizon Workspace 1.8
- VMware Horizon Workspace Client for Macintosh 1.5.1
- VMware Horizon Workspace Client for Macintosh 1.5.2
- VMware Horizon Workspace Client for Windows 1.5.1
- VMware Horizon Workspace Client for Windows 1.5.2
- VMware Horizon Workspace for Macintosh 1.8
- VMware Horizon Workspace for Windows 1.8
- VMware OVF Tool 3.5.0
- VMware vCloud Automation Center (vCAC) 5.1.x
- VMware vCloud Automation Center (vCAC) 5.2.x
- VMware vCloud Networking and Security (vCNS) 5.1.3
- VMware vCloud Networking and Security (vCNS) 5.5.1
Citrix Platform [Update April 28, 2014]
At this moment, “No” for Citrix XenCenter and XenServer. But affected
- Citrix Web Interface
Microsoft Hyper-V Platform
No. Microsoft Hyper-V Platform does not use open-source cryptographic library (Open SSL).
Meanwhile, Microsoft Account and Microsoft Azure, along with most Microsoft Services, were not impacted by the OpenSSL vulnerability. Windows’ implementation of SSL/TLS was also not impacted.
For more detail, please click here.
Summary
If you’re environment are running the above platform and under affected list, please act fast to protect it before too late.
More details:-
- Heartbleed vulnerability in OpenSSL (CVE-2014-0160)