Is Symantec Mail Security for Microsoft Exchange affected by the Heartbleed OpenSSL vulnerability (CVE-2014-0160)

Article:TECH216522  |  Created: 2014-04-09  |  Updated: 2014-04-25  |  Article URL
Article Type
Technical Solution


You wish to know if the Symantec Mail Security for Microsoft Exchange (SMSMSE) is affected by the "heartbleed" OpenSSL bug (CVE-2014-0160) that allows highly sensitive material such as primary key information to be accessed illicitly via a defect in the implementation of the TLS/DTLS (transport layer security protocols) heartbeat extension (RFC6520).



The SMSMSE is NOT AFFECTED by this vulnerability, as it does not use the TLS / DTLS functionality from OpenSSL. However, an optional patch is offered, simply to exclude the specific OpenSSL version (1.0.1e) from the build. This patch is built with OpenSSL 1.0.1g.



This proactive patch is purely OPTIONAL. SMSMSE is NOT AFFECTED by the HeartBleed vulnerability without this patch.


SMSMSE Open SSL HF (2.4 MBytes)
Please read before applying the patch
ReadMe.docx (17 kBytes)

Article URL

Terms of use for this information are found in Legal Notices