A vulnerability has been discovered in SSL 3.0 protocol. This vulnerability is known as POODLE (CVE-2014-3566)
SOTI MobiControl utilizes the implementation of SSL and TLS provided by Microsoft in the Windows operating system. It is recommended by Microsoft that SSL 3.0 support be disabled to protect your enterprise against POODLE.
SOTI MobiControl cloud customers are unaffected as remediation has been performed to address this exploit.
SOTI MobiControl customers with in premise may be affected if SSL 3.0 is enabled:
- If the Windows operating system on the machine where MobiControl is installed has SSL 3.0 support disabled, then your system is not affected, and no action is required
- If the Windows operating system on the machine where MobiControl is installed has SSL 3.0 support enabled then your system may be at risk to this vulnerability.
- This vulnerability can be mitigated on the server side by modifying the Windows registry. For more information on Microsoft’s resolution please see the Microsoft Security Advisory
Potential impacts of disabling SSL 3.0:
- Internet Explorer (IE) 6.0 does not support TLS v1.0 and above. If you are using IE 6.0 to view the MobiControl web console, you will need to use a more recent browser version in order to have protection against this vulnerability
- Older versions of the Windows CE, Windows Pocket PC (Pocket PC 2000, Handheld PC 2000, Pocket PC 2002 and Smartphone 2002), do not support TLS v1.0. As a result, disabling support for SSL 3.0 is not an option for customers using these devices.
SOTI continues to remain committed to protecting your enterprise and your users against the latest threats in enterprise mobility.