消息来自官网Newsroom。https://www.emsisoft.com/en/blog ... f=news230907_all_en
Please update AND reboot!
We urge all our customers to make sure automatic updates are enabled in Emsisoft Anti-Malware, Emsisoft Business Security and Emsisoft Enterprise Security and reboot their computers before September 22nd, 2023.
Not doing so will likely result in a software malfunction that will require re-installation of the software to fix.
We apologize for any inconvenience this causes.
What happened?
Protection software like ours is digitally signed with a certificate that warrants the files are authentic, published by us, and in a non-manipulated state. Microsoft sets a high bar specifically for the antivirus industry and requires not just regular code signing certificates, but also Extended Validation (EV) code signing certificates that are protected by a FIPS 140-2 Level 2-compliant cryptographic device to ensure certificates cannot be stolen and misused.
Code signing certificates must be renewed every 12 months, with an extensive validation process by the certificate authority that issues the certificates. In our case, GlobalSign. Validation includes proof of address of the company, business register validation and more.
On August 23rd, we renewed our EV code signing certificate as usual. Verification went fine and we received a new certificate. All program files compiled by us after that date made use of the new certificate, including the 2023.9 release published on September 4th.
Yesterday, GlobalSign reached out to us letting us know that they made a mistake with our certificate: namely, they entered our business number incorrectly. This means they must revoke the certificate on September 8th and re-issue a new one with the correct business number.
We have received a new, corrected certificate today and immediately re-signed all files that were previously signed by the to-be-revoked certificate. The new files are available through the online update of our products and we expect that the vast majority of our customers will automatically receive the new version before the old certificate gets revoked.
However, to complicate matters further, we published a new driver component for the new rollback feature in version 2023.9. That driver file requires a reboot to install a new version of the file, and this is why we need you to not just update the software but also reboot your device before the revocation deadline.
When a certificate authority revokes a certificate, all software files that have been signed with it will produce a security warning, and drivers may not load at all. This essentially breaks the protection, including the ability to run online updates. If that happens, only a re-installation of the software will resolve the issue.
We apologize for the inconvenience this may cause, but reiterate that it was completely outside of our control. Unfortunately, there is nothing we can do to prevent situations like this from happening, and GlobalSign has rejected multiple requests to extend the deadline for revocation. It goes without saying that we are far from happy with the way GlobalSign has handled this issue.
一句话总结:证书颁发机构在颁发新证书时错误地输入了企业编号,导致证书必须吊销,请在问题证书被吊销前及时更新以替换使用问题证书的文件。本次更新需要重新启动系统,因为在上一次更新中所安装的新驱动程序也使用了问题证书,更新替换它们需要重新启动。
|
发表于 2023-9-8 08:38:24
楼主
这么大个证书机构竟然会签错证书
