Expert Assist Remote Management client in Desktop Authority 9.1 and Remote Support Center 2.6 are vulnerable to the “Heartbleed” OpenSSL vulnerability

Researchers have found a critical defect in versions 1.0.1 and 1.0.2-beta of OpenSSL, the cryptographic software library. For information on the vulnerability known as the "Heartbleed bug," see CVE-2014-0160 on the NIST website and heartbleed.com. An affected version, OpenSSL 1.0.1c is used in the ExpertAssist remote management client.

How does this affect Desktop Authority and Remote Support Center?

The ExpertAssist remote management client uses a vulnerable version of OpenSSL when receiving inbound remote management connections. The Desktop Authority and Remote Support Center management consoles are not affected. The Remote Support Center LAN and Internet Gateways are also not affected.

Workaround

ExpertAssist operates almost exclusively in LAN environments and is usually not Internet facing. The exact vulnerability is determined by your environment. Concerned customers should uninstall the ExpertAssist client via the Desktop Authority and Remote Support Center management consoles. Patches for both will be available shortly.

Status

An ExpertAssist patch for Desktop Authority 9.1 and 9.1.1 is now available from the support page at: https://support.software.dell.com/desktop-authority/download-new-releases It upgrades the current ExpertAssist client to version 8.5.6.16. Instructions for the patch are available at the download link above.

A new version of Remote Support Center 2.6 that corrects the heartbleed issue is now avaialble from the support page at: https://support.software.dell.com/remote-support-center/download-new-releases