We are trying to contact Sitefinity to check status about the latest security vulnerability in Sitefinity due to cryptographic weakness [CVE-2017-9248].  As our version is older, we have to verify the steps we have taken is valid and is that enough for the security issue.

Our Sitefinity version is 3.7.2136

and what we did is, we prevented the access to Dialog Handler as suggested in http://www.telerik.com/support/kb/aspnet-ajax/details/cryptographic-weakness#prevent-access
 by removing the handler in the web.config file and also changed Machine keys.

Can you please let us know if that will be enough for now? Is there a way to measure this and make sure that security is improved?

Hello Suresh,

Yes, I can confirm that for version 3.7 the steps you have taken are the correct ones to address the CVE-2017-9248 cryptographic weakness. The KB article you have referenced also contains information on how to verify whether the dialog handler has been properly disabled, so you can follow this set of instructions to confirm the successful operation.

At this point this is all the official information we have disclosed and can discuss in public. If you prefer to continue the discussion, or have further follow-up questions, which might necessitate private communication, we would be glad to assist you via our phone or support ticket channels, which you can find listed on the Sitefintiy Support center page.

Regards,
Boyan Barnev
Progress Telerik