F-Secure not auto-fixing security hole in PSB, leaving the manual-menial job to customers?

Dear F-Secure,

I am observing this newly published F-Secure vulnerability-hotfix bulletin:

FSC-2018-1: Multiple Memory Vulnerabilities

https://www.f-secure.com/en/web/labs_global/fsc-2018-1

It says F-Secure PSB customers have to apply the patched new versions themselves:

"Fixed versions PSB Workstation 12.01.293 and PSB Email And Server Security 12.10.284 are available on PSB portal download page."

That is really unacceptable, I'd say even unfaithful, because PSB is all about automation! Customers are paying for PSB service so they don't have to operate the infrastructure in-house!

F-Secure Corp. please get your act together and auto-distribute the patch ASAP over the channel as "PSB 12 Multifix #04" or if that's not possible, then as a full software version AUA push. You have the GUTS to do that.

Thanks for your kind attention, Sincerely:

Tamas Feher, Hungary.

Find more posts tagged with

Comments

fedool

Hotfix has been released to everyone and client cannot reject it so all computers should get it. You don't really need to verify it in portal.

etomcat

Dear Vad,

Thanks for your response!

> we do not change the product/modules versions/build numbers during installation of this multifix.

Doesn't that make it difficult to see in the PSB webportal which computer have been fixed and which still lack the patch?

Maybe F-Secure plans to centrally push-replace PSB WKS 12 with Computer Protection 18.x real soon, so the above issue has limited practical significance?

Thanks in advance, Yours Sincerely:

Tamas Feher, Hungary.

Vad

Hello Tamas,

In short, yes, this is OK.

The multifix contains a limited number of binaries (you can check it's content in

c:\ProgramData\F-Secure\FSAUA\content\70Hotfix_PSBWKS1201_MF04\ BTW), and we do not change the product/modules versions/build numbers during installation of this multifix.

Downloads tab in Settings > Other settings GUI shows the installation result for it. If the status is different from "Installed", then something is wrong. In that case, please, contact support.

If you want to perform more precise check, you can compare the product binaries packed in ProgramData\F-Secure\FSAUA\content\70Hotfix_PSBWKS1201_MF04\*\hf\*.jar files with binaries in F-Secure installation folder.

Best regards,

Vad

etomcat

Dear Fedool,

I have "12.01 Multifix 4" already downloaded in PSB since Friday, but the version's build number still hasn't changed to 293 in the "About..." window, it still shows 12.01 build 283. Is that OK?

Thanks in advance, Yours Sincerely:

Tamas Feher, Hungray.

fedool

And now hotfix is ready and is getting pushed to clients.

Silently and rebootlessly, like it should be

fedool

Hello,

Don't worry, we are investigating how to deliver automatic fix for that without need for a full upgrade and preferably without a reboot.

New installers are published not only for upgrading but also for new installations so they make perfect sense.