December 21, 2023 at 08:33AM
ESET releases patches to fix a high-severity vulnerability in its endpoint and server security products. The flaw, CVE-2023-5594, affected the SSL/TLS protocol scanning feature and could make web browsers trust untrustworthy sites. The patch is automatically rolling out via product updates since November 21, with no user interaction required. ESET has not reported any attacks exploiting the vulnerability.
Based on the meeting notes, the key takeaways are:
– ESET has released patches for several of its endpoint and server security products to address a high-severity vulnerability (CVE-2023-5594) related to SSL/TLS protocol scanning.
– The vulnerability was caused by improper validation of the server’s certificate chain, allowing web browsers to trust sites with certificates signed with outdated and insecure algorithms.
– Affected ESET products include NOD32 Antivirus, Internet Security, Smart Security Premium, Security Ultimate, Endpoint Antivirus, Endpoint Security, Server Security, Mail Security, Security for Microsoft SharePoint Server, and File Security for Microsoft Azure.
– Patches have been rolling out via automatic product updates since November 21, and no user interaction is required to install the fix.
– The vulnerability was reported to ESET by an anonymous individual, and ESET is not aware of any attacks exploiting this vulnerability.