Who We Are

ADP's Response To Microsoft SCHANNEL Vulnerability

Most Recently Reported: November 18, 2014
Date Initially Reported: November 18, 2014

ADP is aware of the security advisory published by Microsoft regarding vulnerabilities in Microsoft Secure Channel (SCHANNEL) security package in Windows. This vulnerability is exposed by internet-facing Windows servers with MS Exchange Outlook Web Access (OWA), Internet Information Services (IIS) and Structured Query Language (SQL). The issue was discovered and reported by Microsoft.

Based on the analysis of our internet-facing infrastructure worldwide, ADP’s Global Security Organization has identified that a small number of our servers could potentially be exploited. Remediation efforts are moving toward completion and we are performing specific monitoring until remediation is complete.

In addition, ADP has also updated our Intrusion Detection/Prevention Systems’ signatures to detect any potential malicious activity targeting our systems and has escalated visibility of those alerts to monitoring personnel within ADP’s Critical Incident Response Center. ADP is also performing specific monitoring against all known vulnerable infrastructure until remediation is complete.

We have seen no evidence of attempts to exploit this vulnerability on any ADP assets. For more information on this issue please visit Microsoft Security Bulletin MS14-066.

It is important to note that the vast majority of ADP’s global applications and services provided to our clients are unaffected by this issue

Clients are encouraged to visit ADP’s trust and security center to learn about ways they can learn how to help protect themselves by visiting: https://www.adp.com/about-us/trust-center.aspx.

Protecting ADP clients and their data has been, and always will be, a top priority for ADP.

If you have any further questions/concerns, please contact our Client Security Management Office via email adp.csmo@adp.com or phone at 855-677-7247 (Toll Free).

PDF Download a PDF of this Alert

See All Security Alerts