Security Bulletin FSC-2018-1 - and where is the updates?

sw2090

F-Secure released FSC-2018-1 on 02-10-2018 as they said in the info we got.

They mention updated releases for fscs in there and link to the download page.

However the download page only has old versions that were available before the Advisory came out.

Where can these updates be found?

We have 400+ Clients that have FSCS on them and we need to fix that.

Find more posts tagged with

Comments

MJ-perComp

If you take the word from a Platinum Partner (since 25 years):

The advisory cleary states that 13.10 is not vulnerable

Risk Level (Low/Medium/High/Critical): Medium

    Client Security Standard / Premium version 12.32 and below
    Client Security Standard / Premium version 13.00
    Server Security Standard / Premium version 12.11 and below
    Email And Server Security Standard / Premium version 12.11 and below
    PSB Workstation 12.01.283 all versions (1-7)
    PSB Email And Server Security version 12.10.280 and below

and at the end of the advisory is a list of all versions without that vulnerabilty.

sw2090

yap that's the way I understand it too (after re-reading it)

Just an official confirmation would be nice.

Ukko

wrote:
you're welcome No need to apologize.

well yes i meant that Bulletin.
It reads that fscs 13.x is affected too and mentions that thee is a fix available.
I am also unsure if there already is an update for 12.x. The last available Hotfix for 12.x is from January 2018. It doesn't refer to the vulnerability and was released befor the bulletine came...

Hello,

I edited my previous reply a little be (concerned 12.num);

How I can to understand:

- fscs 13.1*

- fscs 12.33

are not affected (or with fixes).

For 13.0* and 12.num -> need to install 13.1 or 12.33

Previous builds for 12.num was 12.2* or 12.32.113 (based on my research). So, if your experience about such builds (and not about 13.1*or 12.33) -> most likely, such topic with useful information:

https://community.f-secure.com/t5/Protection/F-Secure-not-auto-fixing/td-p/104658

Where possible to read meanings that, currently, for fix -> need to create upgrade (install to latest available build with fixes). OR maybe there is planned to be autofix (as hotfix) - but it is not released yet (!?). At least, advisory-page still with 'original' view and no any updates are added to it.

Thanks!

// and, yes, concerned further comment -> good to receive official explanation and confirmation from F-Secure. I just decided to add my replies (for avoid potential long delay with any 'received' information).

sw2090

ok I've re-read the Advisory now for several times. You could understand it the way that it means FSCS v13.10.x are not affected at all as it reads that older installations below v13.10 should be upgraded to 13.10.

That would explain why there is no update for 13.10 on the download page - you don't need one Smiley Wink

If that would only be officially confirmed it would be fine.

sw2090

you're welcome No need to apologize.

well yes i meant that Bulletin.

It reads that fscs 13.x is affected too and mentions that thee is a fix available.

I am also unsure if there already is an update for 12.x. The last available Hotfix for 12.x is from January 2018. It doesn't refer to the vulnerability and was released befor the bulletine came...

Ukko

Hello,

Sorry for my reply. I'm only F-Secure user (and their home solutions).

Did you mean this one 'security advisory' (01.02.2018) (?):
https://www.f-secure.com/en/web/labs_global/fsc-2018-1

If yes -> did you mean next download-page (?):
https://www.f-secure.com/en/web/business_global/downloads/client-security

If yes -> with my browser there fscs 13.10.215. And based on advisory -> 13.10 is build where vulnerable-design is not applied (where fix is available). Maybe if your FSCS version was with 13.10 already (?!) and if so -> maybe it is not a part of Affected Products.

// OK -> there are abilities to switch to 12.num version. Where is fscs 12.33.110. But does it was before noted advisory (?!) with such build too (I tried to search for fscs installer some days/weeks before and latest was 12.32.113 probably)?

Some discussions about this 'advisory' (for business and home solutions):

Thanks!