Security Notices

Sep 24, 2014
PaperClip Support

A vulnerability referred to as Shellshock allows exploitation of the Bash Shell. The vulnerability allows remote attackers to execute arbitrary code by passing strings of code as environment variables. Bash shell is used on UNIX, Linux, BSD, and Mac OS X computers.

PaperClip has reviewed its inventory of Linux appliances and determined that at no time were they vulnerable. Bash Shells were not available and customary ports needed were disabled at the firewalls.

PaperClip working with our appliance vendors has already updated IPS/IDS signatures which will block any outside attempts to discover BASH Shells.

If you have any questions regarding this matter, please email us at This email address is being protected from spambots. You need JavaScript enabled to view it..

PaperClip Support

Apr 30, 2014
PaperClip Support

Official Reference: CVE-2014-1776
More Information: Microsoft Security Advisory 2963983
Update Issued May 1, 2014: Microsoft Security Bulletin MS14-021 - Critical

Researchers at FireEye Research Labs have identified an Internet Explorer (IE) zero-day exploit that has been used in targeted attacks. This vulnerability will affect IE6 through IE 11 but targeted attacks have been specifically targeting IE 9, 10, and 11.

The vulnerability is a remote code execution vulnerability and exists in the way Internet Explorer accesses Flash objects in memory. In a web-based attack the attacker would host a web site that contains a webpage used to exploit the vulnerability the attacker would dupe victims into visiting the attack page by clicking links contained in an email or instant message.

Apr 30, 2014
PaperClip Support

Official Reference: CVE-2014-0160
More Information:

Researchers have recently announced that a flaw was uncovered in the OpenSSL software, one of the key technologies used to encrypt data transactions on many websites. This flaw is called the Heartbleed Bug.

Mitigation of the Heartbleed OpenSSL vulnerability requires three actions to ensure closing the threat. PaperClip's use of OpenSSL affected vcf4Life, vcf4Securities, vcf4Compliance and some VCF dedicated customers. eM4Compliant Email and Internet eXpress services were not affected.

  1. Patch OpenSSL
    PaperClip has completed patching internal load balancers which utilize OpenSSL
    Patch Completed on: Thursday, April 10,2014 @ 14:30 EST.

  2. Change SSL Certificates
    PaperClip has submitted SSL Certificates change requests for all affected services and will apply them when they become available to us.

  3. Mandatory Password Change
    PaperClip forced a system wide password reset event on Monday April 14, 2014 @ 09:00 EST. If you were not forced to change your password, this means your VCF platform was not affected.
    Note: If you utilize our Microsoft Office Add-In, you will also need to change the password there to match the new password you created earlier.

These actions should conclude the recommended remediation for the Heartbleed OpenSSL threat. We appreciate your cooperation during this event.

If you have any additional questions about this upgrade, please contact PaperClip Technical Support at 800-929-3503 or This email address is being protected from spambots. You need JavaScript enabled to view it. 

Back to top