[CA7304] Upgrade necessary due to code signing certificate replacement

ESET Customer Advisory 2019-0008
May 31, 2019
Severity: High

Summary

Both ESET’s SHA1 and SHA256 code signing certificates are expiring within a short timespan. To continue receiving updates, users of older ESET products need to upgrade to a version that supports the seamless certificate switch.

Please see below for a list of ESET product versions that require you to upgrade.

Details

Because both ESET’s SHA1 and SHA256 code signing certificates are expiring in a short timespan, ESET has obtained replacement certificates to sign binaries of its Windows products. However, some versions of ESET products released before October 2017 were not ready for a certificate switch. Therefore, users of those products will need to perform an upgrade to a later product version that supports such certificate replacement. For a specific list of affected product versions, see below.

The later of the two certificate expiration dates is July 20, 2019. After that date, users of the affected products would not be able to update the modules of their ESET products, such as the detection engine. ESET understands that many customers need to plan their upgrades ahead of time and that not all of them will be able to upgrade before that date. Therefore, to give users more time to perform the upgrade, ESET has prepared an updated version of the Update module. This version of the module is signed by both the old and the new certificates, so its presence allows the installed ESET product to continue receiving updates signed by the new certificate after July 20, 2019, even before the product is upgraded. The module will be distributed to all ESET users before July 20, 2019.

However, we still urge users of the affected products to upgrade soon, because this is not a permanent solution and the Update module will eventually lose support for the older certificates. Although we plan to keep the module in this state long enough to allow for a smooth, planned upgrade, any unforeseen need to update the module after July 20, 2019, will cause it to lose that support immediately. Postponing the upgrade is therefore not recommended.

UPDATE: The workaround will cease working on January 27, 2020. After this date, affected products will no longer be able to update and will lose protection.

All affected products will soon notify users to upgrade with a warning in the product protection status. This status will also be reported to ESET Remote Administrator / ESET Security Management Center so that administrators of affected endpoints can notice the warning and schedule the upgrade procedure.

Note: Even though an upgrade to the latest available version is always recommended, in order to resolve this issue, it is enough to upgrade to the latest build of the product version the user has currently installed, such as to version 6.6.2089.2 for users of any affected 6.6.x.x build.

All affected ESET consumer products will be upgraded automatically by means of a product component upgrade.

Affected products

Business:

  • ESET Endpoint Security, ESET Endpoint Antivirus
    • 6.6.0.0 – 6.6.2063.x

Home:

  • ESET NOD32 Antivirus, Internet Security, Smart Security, Smart Security Premium
    • 10.0.0.x – 10.0.398.x
    • 10.1.0.x – 10.1.234.x
    • 11.0.0.x – 11.0.143.x
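
For administrators planning the upgrade, the ranges above can be checked against an endpoint inventory. The following is an added example, not ESET code: the function names, hostnames and sample versions are constructed, and the inventory is assumed to be a list of (host, product, version) tuples. A "not-listed" result only means the build is outside the ranges in this advisory.

```python
# Added example: triage an endpoint inventory against the CA7304 affected ranges.
# Ranges are copied from the "Affected products" list; the trailing ".x" there is
# a wildcard, so only the first three version components are compared.
BUSINESS = ("ESET Endpoint Security", "ESET Endpoint Antivirus")
HOME = ("ESET NOD32 Antivirus", "ESET Internet Security",
        "ESET Smart Security", "ESET Smart Security Premium")

AFFECTED_RANGES = {
    BUSINESS: [((6, 6, 0), (6, 6, 2063))],
    HOME: [((10, 0, 0), (10, 0, 398)),
           ((10, 1, 0), (10, 1, 234)),
           ((11, 0, 0), (11, 0, 143))],
}


def parse_version(text):
    """Return (major, minor, build) from 'a.b.c[.d]'; raise ValueError if malformed."""
    parts = text.strip().split(".")
    if len(parts) < 3:
        raise ValueError(f"expected at least three components: {text!r}")
    return tuple(int(p) for p in parts[:3])


def classify(product, version):
    """Return 'affected', 'not-listed', or 'unknown' for one installed product."""
    for products, ranges in AFFECTED_RANGES.items():
        if product in products:
            try:
                v = parse_version(version)
            except ValueError:
                return "unknown"  # unparseable version: review by hand
            hit = any(low <= v <= high for low, high in ranges)
            return "affected" if hit else "not-listed"
    return "unknown"  # product name not in the advisory list: review by hand


def needs_upgrade(inventory):
    """Return hostnames whose product and version fall in an affected range."""
    return [host for host, product, version in inventory
            if classify(product, version) == "affected"]


# Constructed sample inventory (hypothetical hostnames and versions, not real data).
SAMPLE = [
    ("ws-001", "ESET Endpoint Security", "6.6.2052.0"),
    ("ws-002", "ESET Endpoint Antivirus", "6.6.2089.2"),
    ("home-01", "ESET Internet Security", "10.1.234.0"),
    ("home-02", "ESET Smart Security Premium", "11.0.159.0"),
    ("ws-003", "ESET Endpoint Security", "6.6.x"),
]

if __name__ == "__main__":
    print(needs_upgrade(SAMPLE))
```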

Solution

Choose your ESET home or business product below to upgrade to a more recent version.

Home:

Business:

Feedback & Support

If you have feedback or questions about this issue, please contact us using the ESET Security Forum, or via local ESET Support.

Version log

Version 1.4 (January 27, 2020): Added "UPDATE: The workaround will cease working on January 27, 2020..."
Version 1.3 (January 24, 2020): Updated "Resources" to "Solution" and minor grammatical edits
Version 1.2 (June 21, 2019): Corrected the module name
Version 1.1 (June 13, 2019): Replaced links in the Resources section
Version 1.0 (May 31, 2019): Initial version of this document