The latest in the list of high profile vulnerabilities, POODLE, has been announced. While it is highly unlikely that any of our customers would be effected by this we have changed the configuration on all the servers this morning to prevent any possible exploitation of this problem. This only effects secure server protocols and has the possibility of allowing the secure key to be read, allowing a third party to potentially read data being transferred between the browser and server. Many browsers are already being updated to prevent this so updating the servers is more of an insurance against future exploits and older browsers.

The changes made should also prevent any related vulnerabilities that may come to light later on.

The fix means the removal of support for the effected security protocol which also means that supporting old browsers over secure links may no longer be possible. Specifically this will effect end users using IE 6 on a version of Windows XP that has not been patched to SP 3.