|Applies To||RSA Product Set: RSA ECAT / RSA Endpoint|
RSA Version/Condition: 4.4.x
O/S Version: Windows 7, Windows 8, Windows Server 2003, Windows Server 2008
Vulnerability ID: CVE-2014-3566
For a complete list of affected versions of Microsoft Windows, refer to the Microsoft Security Advisory 3009008.
|Issue||RSA ECAT / RSA Endpoint runs on Microsoft Windows and is vulnerable to the POODLE vulnerability (CVE-2014-3566) unless steps are taken to disable the use of SSLv3.|
Windows 2008 R2 is the minimum version of Windows required to run Endpoint.
Where TLS 1.0 support was introduced in Windows XP Service Pack 3, you can safely disable SSLv3 in the operating system with no impact to Endpoint functionality.
|Resolution||To mitigate the effects of POODLE, disable the use of SSLv3 by following the detailed instructions in the Microsoft knowledgebase article 245030.|
|Notes||For additional information on how the POODLE vulnerability affects all RSA products, refer to the knowledgebase article Poodle Bite Sandworm .Net MS14-057 OpenSSL Vulnerabilities and Impact in RSA products.|