Multiple K7 Security Products incorrectly handled invalidating certain crafted untrusted TLS certificates.
List of affected products
K7TotalSecurity, K7UltimateSecurity & K7 Endpoint Security Products
Fixed Versions
K7 Computing recommends that all customers update their products to the corresponding minimum versions shown below:
K7UltimateSecurity (16.0.0650),K7TotalSecurity (16.0.0653),K7TotalSecurity-Endpoint (16.1.0621),K7 Endpoint Security (14.2.0655),K7 Enterprise Security (14.2.0708) and K7Business Security (14.2.0368).
Acknowledgments
We would like to express our gratitude to AV-Comparatives for reporting this bug to us along with comprehensive contextual POC details.
