Heartbleed Patches Pending for 25 VMware Products

Since the emergence of the two-year old bug in OpenSSL (a.k.a. Hearbleed), many companies are rushing to repair the damage done by a supposed accidental invalidation by German open-sourcer, Robin Seggelmann. Conspiracy theorists suggest that Seggelmann might have done it with malicious intent or had been paid by a secret arm of some government to inject a fissure in the security of the Internet for spying. Others have used the revelation as a means to discredit the open source movement. And, still others just think Seggelmann was lazy.

Whatever the true case, the impact of Heartbleed is far reaching. Thousands of products are affected and vendors are working hard to identify problems and issue fixes.

One of the more popular vendors with deep industry impact, VMware, has detailed all of the company's applications that are affected by the OpenSSL integration. A new security advisory (accompanied by a formal KB article 2076225), lists out the 25 products that are waiting for fixes and the page will be updated as patches become available.

Security Advisory VMSA-2014-0004: VMware product updates address OpenSSL security vulnerabilities

Per the advisory, VMware will be rolling out updates throughout this week, hoping to secure all known vulnerable products by April 19^th.

Microsoft has stated that the majority of its services are safe from Heartbleed. Microsoft uses its own security layer instead of the open source version.