LogMeIn patches Heartbleed: What you need to do

LogMeIn patches Heartbleed: What you need to do

Summary: The Heartbleed exploit affects a big part of the web, and the popular LogMeIn remote desktop service is compromised. Here's what you need to do to protect your remote desktops.

TOPICS: Mobility, Security

The Heartbleed exploit hit OpenSSL hard, and consequently all services that depend on it for encryption are at risk. The popular LogMeIn remote desktop service is one of those affected, leaving companies and individuals using the service exposed.

The folks at LogMeIn have just patched their host software to eliminate the vulnerability. Those using LogMeIn to access remote desktops now must do their part to close the exposure to Heartbleed completely.

According to LogMeIn, users of their service need to update all host software on every platform they use. This can be done by following the following instructions by the company.

      1. Check to confirm you're running the latest version of LogMeIn. You can do that by hovering your mouse over computers in your Central or My Computers page on the LogMeIn.com site, or by right clicking on the LogMeIn icon in your systems tray and opening LogMeIn Control Panel and click on the About tab.
      2. Confirm version number and above for Windows or version number and above for Mac.
      3. If you are using an older version, please click the Check Updates button in the LogMeIn Control Panel (as described above), and update the software.
      4. Change your Windows PCs or Macs passwords – This is for your computer login credentials only. You do not have to change your LogMeIn account login.
      5. Take a minute to review our FAQ on the LogMeIn help site.

This fix should not be delayed as your remote systems are exposed to hackers until the exposure is eliminated. LogMeIn has done its part in getting rid of the vulnerability, now you'd better do your part outlined in the instructions above to protect your own system.

See related:

Heartbleed: Serious OpenSSL zero day vulnerability revealed

Did open source matter for Heartbleed?

Topics: Mobility, Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • the hits just keep coming with this

    Quickly rising to number one on the all time Casey Kasem top hits chart.
  • Got 'er done..

    Only had one client with an older version. To bad you can't push an update through the Central console - at least I'm not aware that you can yet.
  • Some questions...

    If logmein's website itself used OpenSSL and supported the Heartbeat TLV and they've patched that and reissued their certificates with a new private/public key pair, then we DO need to update our passwords which get us access to the logmein service itself. Your article is confusing.

    Another obvious question... why was the Heartbeat TLV enabled in the OpenSSL code that logmein installed on our computers? Isn't that just for UDP-based stuff that logmein very likely doesn't use?