To stay updated on your favorite discussions, please create an account or log in. Then, click the Bookmark icon to subscribe and receive notifications.

Security Bulletin FSC-2018-1 - and where is the updates?

sw2090
sw2090 Posts: 14 Security Scout
in Business Suite

F-Secure released FSC-2018-1 on 02-10-2018 as they said in the info we got.

They mention updated releases for fscs in there and link to the download page.

However the download page only has old versions that were available before the Advisory came out.

Where can these updates be found? 

We have 400+ Clients that have FSCS on them and we need to fix that.

Comments

  • Ukko
    Ukko Posts: 39 Cybercrime Crusader

    Hello,

     

    Sorry for my reply. I'm only F-Secure user (and their home solutions).

     

    Did you mean this one 'security advisory' (01.02.2018) (?):
    https://www.f-secure.com/en/web/labs_global/fsc-2018-1

     

    If yes -> did you mean next download-page (?):
    https://www.f-secure.com/en/web/business_global/downloads/client-security

     

    If yes -> with my browser there fscs 13.10.215. And based on advisory -> 13.10 is build where vulnerable-design is not applied (where fix is available). Maybe if your FSCS version was with 13.10 already (?!) and if so -> maybe it is not a part of Affected Products.

    // OK -> there are abilities to switch to 12.num version. Where is fscs 12.33.110. But does it was before noted advisory (?!) with such build too (I tried to search for fscs installer some days/weeks before and latest was 12.32.113 probably)?

     

    Some discussions about this 'advisory' (for business and home solutions):

     

    Thanks!

     

  • sw2090
    sw2090 Posts: 14 Security Scout

    you're welcome :) No need to apologize.

     

    well yes i meant that Bulletin. 

    It reads that fscs 13.x is affected too and mentions that thee is a fix available. 

    I am also unsure if there already is an update for 12.x. The last available Hotfix for 12.x is from January 2018. It doesn't refer to the vulnerability and was released befor the bulletine came...

     

  • sw2090
    sw2090 Posts: 14 Security Scout

    ok I've re-read the Advisory now for several times. You could understand it the way that it means FSCS v13.10.x are not affected at all as it reads that older installations below v13.10 should be upgraded to 13.10.

     

    That would explain why there is no update for 13.10 on the download page - you don't need one Smiley Wink

     

    If that would only be officially confirmed it would be fine.

  • Ukko
    Ukko Posts: 39 Cybercrime Crusader
    wrote:

    you're welcome :) No need to apologize.

     

    well yes i meant that Bulletin. 

    It reads that fscs 13.x is affected too and mentions that thee is a fix available. 

    I am also unsure if there already is an update for 12.x. The last available Hotfix for 12.x is from January 2018. It doesn't refer to the vulnerability and was released befor the bulletine came...

    Hello,

     

    I edited my previous reply a little be (concerned 12.num);

     

    How I can to understand:

    - fscs 13.1*

    - fscs 12.33

    are not affected (or with fixes).

     

    For 13.0* and 12.num -> need to install 13.1 or 12.33

    Previous builds for 12.num was 12.2* or 12.32.113 (based on my research). So, if your experience about such builds (and not about 13.1*or 12.33) -> most likely, such topic with useful information:

    https://community.f-secure.com/t5/Protection/F-Secure-not-auto-fixing/td-p/104658

     

    Where possible to read meanings that, currently, for fix -> need to create upgrade (install to latest available build with fixes). OR maybe there is planned to be autofix (as hotfix) - but it is not released yet (!?). At least, advisory-page still with 'original' view and no any updates are added to it.

     

    Thanks!

     

    // and, yes, concerned further comment ->  good to receive official explanation and confirmation from F-Secure. I just decided to add my replies (for avoid potential long delay with any 'received' information).

  • sw2090
    sw2090 Posts: 14 Security Scout

    yap that's the way I understand it too (after re-reading it) :)

     

    Just an official confirmation would be nice.

This discussion has been closed.

Categories