Recently, a Microsoft Schannel encryption security vulnerability, commonly known as “WinShock,” was revealed by IBM engineers and patched by Microsoft.
While no public exploits of this vulnerability are known, it potentially allows complete takeover of unpatched Windows servers with public services which use Schannel. These services include encrypted Web service, Remote Desktop Protocol (RDP) service and encrypted email service. Electra does not use and has not used Windows for encrypted Web service. Our email systems, whose Windows servers are on isolated networks, have been patched. Electra's sole use of RDP is within encrypted VPN tunnels which are not vulnerable. To avoid any chance of RDP's vulnerability being exploited from any compromised system which has access through our VPN, our RDP servers are patched.
We take the responsibility of keeping your information protected very seriously at Electra Information Systems. We would like to assure you that with regards to the WinShock bug:
1) Your account is secure
2) Your account details were not exposed in the past and will remain secure
3) You do not need to take any additional action to safeguard your information
4) There is no need to change your password
5) All servers have been patched to avoid other potential exploits of this bug