Do you use the Teradici PCoIP client? 

If so, be aware that whether you're running Windows, Linux, or macOS, there's a raft of new critical security vulnerabilities you need to be aware of.

These are security issues that could potentially impact some fifteen million endpoints.

The essence of the problem is that there's a flaw that causes an infinite denial of service loop. That leads to a critical integer overflow that causes the software to hang, which would mean that remote users would no longer be able to access their devices.

In other words, an attack leveraging this flaw could be incredibly disruptive. HP warns of a total of eight critical security vulnerabilities that have been recently identified.

 

These vulnerabilities are

If there is a silver lining to be found here, it lies in the fact that HP has taken fast action and already has a fix in place that addresses all flaws listed above.  Simply check the version of the software you're running and if you're not running version 22.01.3 or later, you are at risk and should update right away.

These latest versions of the software all use OpenSSL 1.1 and libexpat 2.4.7 which is key.

This isn't the first time in recent history where problems with OpenSSL gave the whole world a scare, Make no mistake, this is a serious issue.  Don't take any chances here.  If you're vulnerable, patch your way to safety as soon as you're able.

 

My perspective

Kudos to the fine folks at HP for moving quickly to address all of the above. Although this certainly will not be the last scare we see in 2022, if the future issues are handled this deftly, then we can all breathe a sigh of relief.

 


By Denis Wilson

Cybersecurity Expert, Small Business Technology Consultant, Managed Services Provider, Managed IT Support

Thanks for reading this post. I always take into mind that your time and attention are precious. And these posts need to be timely, to the point, and short.

For more tips on thriving with small business technology, check out the other blog posts at DWPIA Blogs. You can also find me on LinkedIn, Facebook, and Twitter

I am also a published author and speaker on cloud computing, work-at-home, and cybersecurity. I work extensively with business and professional associations to provide free small business technology education programs.

 

Contact me if you would like me to speak to your association