ExpertAssist remote management client in Desktop Authority 9.1 and Remote Support Center 2.6 is affected by the “Heartbleed” OpenSSL vulnerability
Researchers have found a critical defect in versions 1.0.1 and 1.0.2-beta of OpenSSL, the cryptographic software library. For information on the vulnerability known as the "Heartbleed bug," see CVE-2014-0160 on the NIST website and heartbleed.com. An affected version, OpenSSL 1.0.1c, is used in the ExpertAssist remote management client.
How does this affect Desktop Authority and Remote Support Center?
The ExpertAssist remote management client uses a vulnerable version of OpenSSL when receiving inbound remote management connections. The Desktop Authority and Remote Support Center management consoles are not affected. The Remote Support Center LAN and Internet Gateways are also not affected.
ExpertAssist operates almost exclusively in LAN environments and is usually not Internet facing. Your actual exposure depends on your environment. Concerned customers should uninstall the ExpertAssist client via the Desktop Authority and Remote Support Center management consoles. Patches for both products will be available shortly.
An ExpertAssist patch for Desktop Authority 9.1 should be available after Monday, April 21 from the support page at: https://support.software.dell.com/desktop-authority/download-new-releases
An ExpertAssist patch for Remote Support Center 2.6 should be available after Wednesday, April 23 from the support page at: https://support.software.dell.com/remote-support-center/download-new-releases