To stay updated on your favorite discussions, please create an account or log in. Then, click the Bookmark icon to subscribe and receive notifications.

F-Secure not auto-fixing security hole in PSB, leaving the manual-menial job to customers?

etomcat
etomcat Posts: 1,172 Firewall Master

Dear F-Secure,

 

I am observing this newly published F-Secure vulnerability-hotfix bulletin:

 

FSC-2018-1: Multiple Memory Vulnerabilities

https://www.f-secure.com/en/web/labs_global/fsc-2018-1

 

It says F-Secure PSB customers have to apply the patched new versions themselves:

"Fixed versions PSB Workstation 12.01.293 and PSB Email And Server Security 12.10.284 are available on PSB portal download page."

 

That is really unacceptable, I'd say even unfaithful, because PSB is all about automation! Customers are paying for PSB service so they don't have to operate the infrastructure in-house!

 

F-Secure Corp. please get your act together and auto-distribute the patch ASAP over the channel as "PSB 12 Multifix #04" or if that's not possible, then as a full software version AUA push. You have the GUTS to do that.

 

Thanks for your kind attention, Sincerely:

Tamas Feher, Hungary.

Comments

  • fedool
    fedool Posts: 162 Threat Terminator

    Hello,

     

    Don't worry, we are investigating how to deliver automatic fix for that without need for a full upgrade and preferably without a reboot.

    New installers are published not only for upgrading but also for new installations so they make perfect sense.

     

     

  • etomcat
    etomcat Posts: 1,172 Firewall Master

    Dear Fedool,

     

    I have "12.01 Multifix 4" already downloaded in PSB since Friday, but the version's build number still hasn't changed to 293 in the "About..." window, it still shows 12.01 build 283. Is that OK?

     

    Thanks in advance, Yours Sincerely:

    Tamas Feher, Hungray.

  • Vad
    Vad Posts: 1,069 Cybercrime Crusader

    Hello Tamas,

     

    In short, yes, this is OK.

    The multifix contains a limited number of binaries (you can check it's content in

    c:\ProgramData\F-Secure\FSAUA\content\70Hotfix_PSBWKS1201_MF04\ BTW), and we do not change the product/modules versions/build numbers during installation of this multifix.

     

    Downloads tab in Settings > Other settings GUI shows the installation result for it. If the status is different from "Installed", then something is wrong. In that case, please, contact support.

     

    If you want to perform more precise check, you can compare the product binaries packed in ProgramData\F-Secure\FSAUA\content\70Hotfix_PSBWKS1201_MF04\*\hf\*.jar files with binaries in F-Secure installation folder.

     

    Best regards,

    Vad

  • etomcat
    etomcat Posts: 1,172 Firewall Master

    Dear Vad,

     

    Thanks for your response!

     

    > we do not change the product/modules versions/build numbers during installation of this multifix.

     

    Doesn't that make it difficult to see in the PSB webportal which computer have been fixed and which still lack the patch?

     

    Maybe F-Secure plans to centrally push-replace PSB WKS 12 with Computer Protection 18.x real soon, so the above issue has limited practical significance?

     

    Thanks in advance, Yours Sincerely:

    Tamas Feher, Hungary.

  • fedool
    fedool Posts: 162 Threat Terminator

    Hotfix has been released to everyone and client cannot reject it so all computers should get it. You don't really need to verify it in portal.

     

This discussion has been closed.

Categories