Security alert - Network time protocol (NTP) vulnerability

You may be aware of the news related to a security flaw in the standard implementation of the network time protocol (NTP) that can be exploited to compromise servers and devices that run UNIX-like operating systems. Machines running a vulnerable version of the NTP daemon (nptd) could be impacted.

This vulnerability has the National Cyber Awareness System tracking ID CVE-2014-9295 and is causing companies to patch affected systems. We have evaluated the Dynatrace Synthetic Monitoring system and listed its vulnerability status below.

Component Affected Description
Backbone Node Network
Private Agent Node Network
Last Mile Peer Network
Private Last Mile
Peer Network
Streaming Node Network
Mobile Node Network
No These networks are all Microsoft Windows based, so are not affected by this vulnerability.
Web Load Testing Yes Web Load Testing is run on Linux servers. These servers are not able to accept an external NTP request so are at low risk to this vulnerability. As a precaution, we are updating the NTP daemon software on these servers as patches become available.
Web Services No Web Services is Microsoft Windows based so it is not affected by this vulnerability.
GPN Portal No The GPN Portal is Microsoft Windows based so it is not affected by this vulnerability.
Dynatrace Portal Yes The Dynatrace Portal is run on Linux servers. These servers are not able to accept an external NTP request so are at low risk to this vulnerability. As a precaution, we are updating the NTP daemon software on these servers as patches become available.