What we have found out so far has been interesting, and at times alarming. Many of our network and security vendors have issued statements regarding vulnerable infrastructure we use, and some have already issued patches. Other vendors are still assessing the situation. Scans of our internal infrastructure yielded quite a number of servers that are vulnerable. Interestingly, we discovered that more than 300 resources that run Windows Server are vulnerable. That had us scratching our heads until we realized that it was the Integrated Lights Out board, used for remote server management, that was vulnerable. We are working with the vendor to obtain a patch.
We also discovered some 40 vulnerable servers on our PC network. This was traced to users who were running vulnerable virtual machines on their PCs.
The work continues, and I will provide status reports to our executive staff on a weekly basis until all issues have been remediated.