“With the contributors to the OpenSSL project staying tight lipped apart from stating it will be classified as “High Severity”, it would be prudent for organisations to identify all systems affected in advance of the patch to deploy the updates if required,” he said.
Fears are that the vulnerabilities will be just as bad as Heartbleed, which is still alive and kicking on unupdated servers. Millard said that hopefully this bug will be less severe than Heartbleed but, until Thursday, only a few will know.