A new vulnerability nicknamed “Heartbleed” affects OpenSSL and can lead to data loss and exposure. Attacks and proofs of concept are currently available in the wild.
OpenSSL is used on about two-thirds of all web servers, but the issue has gone undetected for about two years. Because OpenSSL runs on servers and is built into a number of VPN appliances, the fix must be applied on the hosting server.
According to experts, state-sponsored cyber-espionage actors are running the scans and are most likely running the attacks. There are a small number of state-sponsored actors involved.
According to Microsoft, “most” Microsoft services, including Microsoft Account and Azure, were not affected by the OpenSSL vulnerability, and of course the Windows implementation of SSL/TLS was not impacted.
SUSE Linux Enterprise Server (SLES) is apparently not affected.