lcs: SSL v3.0 & Microsoft Dynamics

[Blog bot]

Источник: http://blogs.msdn.com/b/lcs/archive/...-dynamics.aspx
==============

The SSL 3.0 vulnerability referenced in the Security Advisory 3009008, also known as “Poodle”, has received a significant amount of attention. While the discovered issue is specific to SSL 3.0, many customers are wondering whether this affects Microsoft’s offerings, specifically Microsoft Dynamics online services.

Microsoft Dynamics Online Services Status

Microsoft Dynamics has completed some of our services and is in the process of remediating the following online services for the SSL 3.0 vulnerability.

Service

SSL v3.0 Mitigation Status



Microsoft Dynamics CRM Online

7-Dec

Microsoft Dynamics Marketing

7-Dec

Microsoft Social Listening

Completed

Parature for Microsoft Dynamics

Completed

Microsoft Dynamics Lifecycle Services

7-Dec

Online Services for Microsoft Dynamics

7-Dec

Recommended Client Side Remediation

It is also highly recommended that you update your browser to disable SSL 3.0 and leverage TLS. Please follow the provided links for more information on how to mitigate within the following browsers

• Internet Explorer: https://technet.microsoft.com/en-us/library/security/3009008.aspx
• Firefox: https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0/
• Chrome: http://dottech.org/166990/how-to-disable-ssl-3-0-support-in-chrome-tip/

Note In addition to securing your client side browsers, we also recommend that all customers who are using a mobile platform and may be vulnerable, follow the guidance from their mobile operating system provider.

Additional Information

The following resources provide guidance for customers and administrators to ensure clients are utilizing TLS 1.0 or higher and to disable SSL 3.0 proactively.

• You, as an individual, can use the Fix it, which is available for all supported versions of IE, to disable SSL 3.0 in your browser and help ensure you are protected from this vulnerability.
• For managed desktop environments, this TechNet article provides guidance on how to determine if your environment has users connecting via SSL 3.0. If any users are identified, Security Advisory 3009008 provides guidance on how to apply a group policy to update the settings.
• If you are an Azure customer, also visit the Azure blog for more information.

We want to assure our customers that we take your data and systems’ security seriously and hope that you find this information helpful.

For general information about our approach to security, visit the Microsoft Dynamics CRM Trust Center.

Sincerely,

Microsoft Dynamics Service Engineering Team








Источник: http://blogs.msdn.com/b/lcs/archive/...-dynamics.aspx