We know that our customers are concerned about the “Shellshock” BASH vulnerability and whether it affects our EnCase software, our Tableau hardware products, or any of our corporate systems. This is a legitimate concern, and because we have the utmost concern for your organizational and data security, we want to give you all the information you need regarding it. Below we address one by one the key areas that you may be wondering about.
After the well-documented, highly publicized Heartbleed flaw in OpenSSL was made public, many of our customers reached out to Guidance Software to confirm whether our products were affected. At that time, we confirmed: Guidance Software products do not use OpenSSL at all.
On June 5th, 2014, another OpenSSL vulnerability was published: CVE-2014-0224. Once again, Guidance Software confirms our products do not use OpenSSL and are therefore unaffected by the latest published vulnerability in OpenSSL.
Questions? Comments? Add below or reach out to us on Twitter @EnCase.
Yesterday, Microsoft issued Security Advisory 2953095 to announce a vulnerability in Microsoft Word 2010 that could allow remote-code execution, “…if a user opens a specially crafted RTF file using an affected version of Microsoft Word, or previews or opens a specially crafted RTF email message in Microsoft Outlook while using Microsoft Word as the email viewer. An attacker who successfully exploited the vulnerability could gain the same users rights as the current user.”