Announcement Regarding Recent Vulnerabilities

Can · July 24, 2019, 9:54pm

Related with the vulnerabilities announced by an analyst from Tenable, there have been no reported incidents exploiting any of these vulnerabilities and no customers reporting related issues to us. With the investigation conducted after the initial notification to us, it has been identified that the vulnerabilities affect only the Containment layer of the product, and other security features are not affected. The security layers of our product ensures that our customers are still protected. Regarding these vulnerabilities, Comodo product team has been working diligently to resolve all vulnerabilities from the start and all fixes will be released by Monday, July 29.

Further notifications regarding the release will be communicated through Forum, the portal and e-mail.

Regards,
Product Team

libretech · July 25, 2019, 1:30am

Thank @Can for the update, this is why a layered approach is recommended but this is good information and I look forward to Comodo’s patches for this.

nct · July 25, 2019, 8:02pm

@Can Presumably this vulnerability is present is all Comodo anti virus versions: consumer/free and MSP (Comodo Client Security)?

Can · July 30, 2019, 6:35am

Hi @nct ,

Yes, the consumer version has the same condition as well. Necessary announcement for that will be made in proper channels.

Regards

RT-AMS-ITarian · July 30, 2019, 8:18pm

@Can Is there a way of patching older versions of CCS?

I ask as we are not deploying the latest two versions due to known issues across the forums.

Rick_C · July 30, 2019, 11:30pm

We consulted the development team, @StrobeTech, and with the last two versions of CCS released, it it safe to update the endpoints directly from the EM with the latest release (v11.4.0.7655). You may want to check this forum post where Ed_Johnson shared his experience with the update.

RT-AMS-ITarian · August 17, 2019, 5:48am

I shall check out the post as still not upgraded

nct · August 17, 2019, 10:21pm

Hi @StrobeTech , I’ve upgraded most of my endpoints without any issues at all to the latest release.

RT-AMS-ITarian · September 5, 2019, 4:20pm

We have started upgrading ours now that we have had more time to test

nct · September 6, 2019, 8:50am

We’ve not knowingly encountered any issues with the 11.4 release and I’ve been running pre-release versions of 11.5 for a week or so on a few machines of my own.