We were notified by the vendor of the software that powers the IMAP, SMTP and ActiveSync interfaces to GENX that a zero-day vulnerability had been discovered and was being actively exploited on the net. At a meeting of the risk management team it was decided that the following actions should be taken:
1. Suspend the service immediately to prevent any possible compromise.
2. Export and analyse the log files to see if there was any evidence of the vulnerability being exploited.
3. Work with the vendor to ensure the vulnerability is patched and service restored ASAP.
The service was taken offline at 16:33 and remained offline until 17:30, when, after a vendor-supplied patch had been applied, the service was safe to resume. The vendor will be providing a full update that incorporates the patch into a minor revision of the software in the coming days, and we will again have to take the service offline to apply it, but that will be done overnight as scheduled maintenance.
I can confirm without any doubt that the vulnerability was *NOT* exploited on our platform and there is no need to change account passwords.
This is the first time we've had to take the service offline for a vulnerability in almost 8 years, and it has reduced the uptime of the GENX platform to 99.9858% (over the last 365 days). We want to assure our customers that we didn't take this decision lightly, and we do understand how frustrating an outage can be, but our primary concern has to be the safety and security of our customers on this business-class system.
There are no outstanding issues caused by this incident.