The Heartbleed OpenSSL Exploit

A very serious vulnerability in open source software called OpenSSL was recently discovered which allows malicious users to pull sensitive information from web servers.  The good news for Applied Innovations customers is that we host your sites on Microsoft IIS which is not vulnerable to this exploit.  Microsoft’s IIS web server does not use the OpenSSL library for encrypting traffic so you can rest easy.  If you would like additional verification that your site is not vulnerable to this exploit you can run a test using this tool:

Please note that the above statement applies to shared hosting clients as well as managed clients with cloud servers or dedicated servers.  If you manage your own cloud server or dedicated server with us and you chose to run an alternate web server such as Apache your site(s) may be susceptible to this exploit depending on your configuration.  For a more in depth technical analysis of this exploit including the specific versions of OpenSSL affected please refer to this URL for additional information:

Update:  Microsoft posted an article last night with further confirmation that their web server is not affected by this bug:  IIS & Heartbleed

One Comment

Leave a Reply

Your email address will not be published. Required fields are marked *