#3584 - OpenSSL "Heartbleed" Security Update
Incident Report for (mt) Media Temple
Resolved
This incident has been resolved.
Posted Apr 17, 2014 - 08:33 PDT
Monitoring
We appreciate your patience while our security team investigated this issue. After an intensive system-wide review, we have confirmed that many (mt) Media Temple services were never affected by the Heartbleed vulnerability.

Services that were not vulnerable:

* AccountCenter
* GRID
* (dv) 4.0 Server
* (dpv) Nitro
* Virb

Services that were vulnerable:

* Premium WordPress
* DV

Shortly after the vulnerability was exposed, our team updated the OpenSSL library on Premium WordPress.

Customers whose DV Servers were patched received a support request and an email outlining the changes made to the OpenSSL packages on their servers. Patched servers were rebooted in order to ensure the threat was nullified.

DV Developer and (ve) servers may have been affected, depending on which version of OpenSSL is installed. Customers using OpenSSL should update their servers in order to protect themselves from the Heartbleed bug described in CVE-2014-0160. Every DV Developer and (ve) customer received a notice regarding the update process for their OS distribution.

As an added precaution, we recommend that you update any passwords or keys (e.g. your SSL certificates) after OpenSSL has been patched or updated. If your server was affected and your SSL certificate was purchased through (mt) Media Temple, please submit a support request if you would like to obtain a re-keyed SSL certificate.
Posted Apr 09, 2014 - 09:01 PDT
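
An added example, not part of the (mt) Media Temple notice: a check for the two conditions the update above turns on, namely whether the installed OpenSSL version falls in the affected range and whether any process still has the pre-update library mapped (the reason patched servers were rebooted). The affected range comes from the upstream OpenSSL advisory for CVE-2014-0160, not from this page; function names and the sample data are constructed for illustration.

```python
import glob
import re

# Upstream releases affected by CVE-2014-0160: 1.0.1 through 1.0.1f and
# 1.0.2-beta1 (range from the OpenSSL advisory, not from the notice above).
_BANNER = re.compile(r"OpenSSL (\d+\.\d+\.\d+)([a-z]*)(-beta\d+)?")
_STALE = re.compile(r"/libssl\.so\S* \(deleted\)$")


def upstream_affected(banner):
    """True if an `openssl version` banner names an affected upstream release.

    Distribution packages often backport the fix without changing the letter,
    so True means "confirm against the vendor's package changelog".
    """
    m = _BANNER.search(banner)
    if not m:
        raise ValueError("not an OpenSSL version banner: %r" % banner)
    base, letter, beta = m.groups()
    if base == "1.0.1":
        return letter < "g"          # "" (plain 1.0.1) through "f"
    return base == "1.0.2" and beta == "-beta1"


def stale_libssl_pids(maps_by_pid):
    """PIDs still mapping a libssl file that was replaced on disk."""
    return sorted(
        pid for pid, text in maps_by_pid.items()
        if any(_STALE.search(line) for line in text.splitlines())
    )


def read_proc_maps():
    """Collect /proc/<pid>/maps for every readable process (Linux only)."""
    maps = {}
    for path in glob.glob("/proc/[0-9]*/maps"):
        try:
            with open(path) as fh:
                maps[int(path.split("/")[2])] = fh.read()
        except OSError:               # process exited or permission denied
            continue
    return maps


# Constructed sample: PID 812 started before the package update.
SAMPLE_MAPS = {
    812: "7f3a10000000-7f3a1005c000 r-xp 00000000 08:01 1311 /usr/lib/libssl.so.1.0.0 (deleted)\n",
    2044: "7f9b20000000-7f9b2005c000 r-xp 00000000 08:01 1422 /usr/lib/libssl.so.1.0.0\n",
}

if __name__ == "__main__":
    print(upstream_affected("OpenSSL 1.0.1e 11 Feb 2013"))
    print(stale_libssl_pids(read_proc_maps()))
```

Any PID this reports is still running the old library code and needs a restart, and keys or certificates should be re-issued only after that list is empty. Statically linked binaries do not appear in this check.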
Investigating
The (mt) Media Temple security team is aware of the Heartbleed Vulnerability (CVE-2014-0160) in OpenSSL. We have already updated OpenSSL on several pieces of our core infrastructure and will continue to do so.

At this time, we have no reason to believe any customer data has been exposed.

Once our investigation and remediation plans are complete, a full incident summary will be posted.

For more information about the Heartbleed OpenSSL vulnerability, please check out http://heartbleed.com/.
Posted Apr 08, 2014 - 11:27 PDT