Thursday, July 2, 2015

Update on CVE-2014-9141: Thomson Reuters Fixed Assets CS <= 13.1.4

Received notification from vendor today:

"We appreciate your report and attention on the connectbgdl.exe vulnerability.  We are scheduled to address this with our next major release, 2015.1.0, scheduled for November of 2015.  This will be our first opportunity to address it since it came to our attention following our last major release of 2014.1.0 in November of 2014.  As of this point in time, we have seen no reports of this vulnerability being exploited within our customers' systems."

This patch should be immediately applied when released. Steps to remediate this vulnerabilityshould be taken until the next major release.

No comments:

Post a Comment