Are you one of the legions of users who rely on the Teradici PCoIP client?  If so, be aware that whether you're running Windows, Linux, or macOS, there's a raft of new critical security vulnerabilities you need to be aware of.

These are security issues that could potentially impact some fifteen million endpoints.

The essence of the problem is that there's a flaw that causes an infinite denial of service loop. That leads to a critical integer overflow that causes the software to hang, which would mean that remote users would no longer be able to access their devices.

In other words, an attack leveraging this flaw could be incredibly disruptive. HP warns of a total of eight critical security vulnerabilities that have been recently identified.

These vulnerabilities are tracked as:

  • CVE-2022-22822
  • CVE-2022-22823
  • CVE-2022-22824
  • CVE-2021-45960
  • CVE-2022-22825
  • CVE-2022-22826
  • CVE-2022-22827
  • CVE-2021-46143

If there is a silver lining to be found here, it lies in the fact that HP has taken fast action and already has a fix in place that addresses all flaws listed above.  Simply check the version of the software you're running and if you're not running version 22.01.3 or later, you are at risk and should update right away.

These latest versions of the software all use OpenSSL 1.1 and libexpat 2.4.7 which is key.

This isn't the first time in recent history where problems with OpenSSL gave the whole world a scare, Make no mistake, this is a serious issue.  Don't take any chances here.  If you're vulnerable, patch your way to safety as soon as you're able.

Kudos to the fine folks at HP for moving quickly to address all of the above. Although this certainly will not be the last scare we see in 2022, if the future issues are handled this deftly, then we can all breathe a sigh of relief.

Used with permission from Article Aggregator