Within a year, we’ve witnessed three massive security vulnerabilities. From Heartbleed, the Bash bug, to the Poodle attack; luckily, none of these has caused any problems to ISL Online remote desktop users. Today, a new security release, ISL Conference Proxy 4.1.1, fixes eight reported security glitches in OpenSSL, most of which graded with low severity, plus some other minor issues. Server License users are welcome to upgrade.
The latest security release of ISL Online, the go-to remote support solution for the enterprise, is largely due to the recent OpenSSL upgrade. To remind you, OpenSSL has released updates patching eight vulnerabilities, two of which may allow an attacker to cause a Denial of Service condition, whereas other flaws are only of moderate and low severity. The risks the old OpenSSL poses range from denial-of-service attacks, changing the fingerprint certificate, client authorisation without a verification message for a Diffie-Hellman certificate, clients accepting the use of a temporary RSA or a handshake that leads to removing the forward secrecy from the cipher-suite. However, ISL Online’s newest server application, ISL Conference Proxy 4.1.1, is based on the patched OpenSSL and as such provides tighter security during remote access, live chat and online meetings.
Besides the OpenSSL fix, the ISL Online update also addresses the last remaining security issue found during penetration tests performed by external IT security organisations. This minor issue applies to the ISL Online web conferencing service and considers the authorisation schema during web meetings.
The update also includes new user interface translations and some other smaller fixes. For more information about ISL Conference Proxy 4.1.1, please visit our Help Center.
Server License users are welcome to upgrade
SaaS (Hosted Service) users have been switched to the latest security update automatically, while self-hosted (Server License) users are welcome to upgrade to the newest ISL Conference Proxy 4.1.1, which addresses and fixes all security weaknesses from OpenSSL and the penetration test.