CionSystems Products Are Not Vulnerable to The Heartbleed Bug

CionSystems products are not vulnerable to the Heartbleed bug:

• CionSystems products don’t utilize OpenSSL libraries. Note: The Heartbleed bug affects TLS connections via a vulnerability in the heartbeat Logic.
• CionSystems products are deployed on Microsoft IIS server, which is not affected by this exploit: http://blogs.iis.net/erez/archive/2014/04/09/information-about-heartbleed-and-iis.aspx

General Information
The “Heartbleed Bug” is a security flaw in OpenSSL’s TLS implementation.  SSL/TLS provide secure the transmission for private information. The bug is actually a memory leak exploit that can potentially lead to the exposure of server keys.  This can result disclosure of private computer memory and private information. It is indeed a very serious vulnerability.
How to diagnose if your systems are vulnerable:
To determine if your systems are vulnerable to the Heartbleed bug, see http://www.kb.cert.org/vuls/id/720951
How to fix systems that are vulnerable to Heartbleed *and* the potential loss of private keys:
If you find any of your systems vulnerable to the Heartbleed bug, the steps typically involved in fixing a system include:

1. Patching vulnerable systems with OpenSSL 1.0.1g
2. Regenerating new private keys
3. Submitting new CSR to your CA
4. Obtaining and install new signed certificate
5. Revoking old certificates

Exercise caution when revoking certificates as some systems may become inaccessible.