Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Mail and Web Security Blog

HeartBleed, OpenSSL and Symantec Email & Web Security

Created: 10 Apr 2014 • Updated: 10 Apr 2014 • 2 comments
Ian McShane's picture
+3 3 Votes
Login to vote

By now you should be well aware of the vulnerability CVE-2014-0160, nicknamed HeartBleed, that exists in a number of versions of OpenSSL - an extremely popular open source cryptographic library.

Yesterday, we provided some guidance on steps businesses and consumers should take in light of this vulnerability.

We have also made it very simple to inspect and verify many aspects of SSL certificate security, including whether a server is still vulnerable to the HeartBleed attack.

We are extremely sensitive to the anxiety felt by customers who rely on our software and services as a core part of their work and personal lives.  So today, I want to give you an update on how this affects our Email and Web security products.

 

The following cloud services are NOT affected by the HeartBleed vulnerability in any way and customers do not need to take any action related to these services:

Symantec Email Security.cloud

Symantec Email Security.cloud - Policy Based Encryption

Symantec Instant Messaging Security.cloud

Symantec Enterprise Instant Messenger.cloud

Symantec Email & Web Security.cloud management portal (AKA ClientNet)

 

One feature within the Symantec Web Security.cloud service WAS affected by the HeartBleed vulnerability but customers do NOT need to take any action related to this service:

On March 3rd 2014, we introduced a new HTTPS scanning feature to the Symantec Web Security.cloud service.
As of April 9th 2014, Symantec temporarily disabled this HTTPS scanning feature as it was running a version of OpenSSL susceptible to the HeartBleed vulnerability.
Our Operations and Engineering teams are working to patch the HTTPS infrastructure associated with this feature and to minimize disruption it will remain disabled until this work is complete. 

No other features of the Web Security.cloud service are affected by this functionality and no other features of the service are disrupted.

 

The following on-premises Email and Web Security products are NOT affected by the HeartBleed vulnerability in any way and customers do not need to take any action:

Symantec Messaging Gateway

Symantec Web Gateway

 

If you have any questions at all related to this issue that are not addressed in this post, please contact our Technical Support team.

-- ian

Comments 2 CommentsJump to latest comment

JUSTICE's picture

Awesome news on in particular Symantec Messaging Gateway

Marcus Sebastian Payne
"So cyberspace is real. And so are the risks that come with it."
- President Barack Obama

+1
Login to vote
JustNetGuy's picture

Thanks Ian... Great news!

0
Login to vote