A new vulnerability was found in the open source library “OpenSSL”.
It is called the heartbleed bug. This bug allows an attacker to get the private keys for an HTTPS Server that is running OpenSSL.
This bug has affected some of the biggest sites out on the Internet. From Amazon to Netflix.
Enterprise Remote Control uses OpenSSL for its web interface, and if you are running it – you need to patch it immediately.
What is possible with this bug? If an attacker is on the same network, or can somehow get between you and your server (Man in the middle) he would be able to decrypt the traffic. In most situations this would be difficult – but it is not impossible. Especially if you are accessing the enterprise server from a coffee shop or other public network access.
Lets get down to business. There are two ways to patch.
The first way is to install the new build we have with the fix. It will take possibly 30 minutes of downtime.
Here is the download link:
Just run the setup package, and it will automatically upgrade your server for you.
The second way takes less time, but requires a little more work:
-Stop the IntelliAdminERC service (At the command line type net stop intelliadminerc)
-Copy and overwrite these two files to C:\Program Files (x86)\IntelliAdmin\Enterprise\Reflector\WebServer
-Start the IntelliAdminERC service (At the command line type net start intelliadminerc)
For either fix – you will want to re-generate your certificate just in case someone has gotten your private key. If you did not setup your own certificate you can regenerate by going into the enterprise server settings and pressing the “Use Self Signed” button:
This will force the server to generate a new self signed cert.
If you purchased a cert, then you will need to get it re-issued. Because of how widespread this issue is – your certificate provider should have a process in place for this soon, if not already.
If you have any questions, please feel free to email us at email@example.com
One more thing…Subscribe to my newsletter and get 11 free network administrator tools, plus a 30 page user guide so you can get the most out of them. Click Here to get your free tools