-
Resources
-
Office 365 and Google Integration
-
Teacher Tools for the New School Year
-
Scholantis Student Portfolio Demo
-
Scholantis Student Portfolios
-
POODLE Security Notice
-
Student Portfolios Webinar
-
SharePoint 2013 Content Upgrade Guide
-
Staying on the right side of Canada’s new spam law
-
Automatic Authentication...Banishing login prompts
-
Office Mobile - What does it do?
-
Configuring OneDrive Storage Limits
-
Scholantis and Heartbleed Security Update
-
Scholantis Student Portfolios - Self reflection, learning and engagement
-
SharePoint 2013 Browser Support...Is it better?
-
SharePoint 2013 Upgrade Planning Guide
-
Upgrading to SharePoint 2013 - A Roadmap for 2014
-
What have the SharePoint elves been up to?
-
Why School Districts Are Going Paperless…And How To Start
-
Antivirus Performance Optimisation
-
Scholantis Support
-
FREAK Security Notice
-
IIS Security Notice
-
iOS Login Fix
-
Office Online 2016
-
SIS Integrated Classes
-
Google Drive File Picker
-
Send Feedback - What information is sent to Scholantis?
-
Setup Scholantis SIS Data Sync for PowerSchool
-
Setup Scholantis SIS Data Sync for Maplewood
-
Setup Scholantis SIS Data Sync for MyEd BC
-
Setup Scholantis SIS Data Sync with Custom Data
-
Which Files Can I Upload?
-
Data Protection, Backup & Recovery
-
Scholantis Web Application Settings
-
Glossary
-
WannaCrypt Security Notice
-
Analytics And Search Engine Optimization
-
Getting Started
-
How To Update Your Website After the Holidays
-
Adding Enhanced Class Information to MyEd Exports
-
Scholantis Monitoring Test User Required
-
"Meltdown" and "Spectre" Security Notice
-
Facebook and Instagram Integration Changes
-
Office 365 and Google Integration
Didn't find what you're looking for? Contact Support
On March 3rd, 2015, security researchers announced a flaw known as FREAK (CVE-2015-0204) which affects the SSL/TLS encryption used to secure websites. The vulnerability could potentially allow an attacker to compromise secure traffic in order to intercept or manipulate sensitive data.
This affects you!
Microsoft Windows servers, including those running SharePoint or TMG are vulnerable to this exploit (Microsoft Security Advisory 3046015). This issue is not specific to Microsoft and affects servers and software clients on all platforms.
What should you do?
Apply the latest Windows Updates to any Microsoft Windows servers which create SSL connections (e.g. TMG, IIS, SharePoint servers).
The March 2015 Patch Tuesday update, released on March 10th, includes a fix for the FREAK exploit as described in Microsoft Security Bulletin MS15-031.
If you would like help securing your SharePoint environment from this exploit get in touch. You can test your sites using Qualys SSL Labs site (ssllabs.com/ssltest).
Is this as bad as Heartbleed and Shellshock?
While neither of those bugs affect SharePoint or Microsoft servers, FREAK is a much less severe problem. Heartbleed and Shellshock were remotely exploitable by anyone, anywhere. FREAK requires live access to a user's internet connection.
So called man in the middle attacks can be exploited in places such as a coffee shop or when using shared Wi-Fi. Although the vulnerability has existed for more than a decade, researchers have no indication that any attackers have exploited the weakness to date.