Today we notified our customers about the product patch that we promised would be ready today. We’re posting this blog in the event that some customers might see this post before they read their email.
This patch will automatically protect Bit9 customers from any malware illegitimately signed with the affected Bit9 certificate.
All Bit9 customers can now download and install the product patch. Instructions are on the Bit9 Customer Portal.
To be clear, we recommend customers take the following steps, in this order:
- Perform a simple configuration change in your Bit9 implementation. This will protect you from any malware illegitimately signed with the affected Bit9 certificate that arrives on your system, and it will not impact your daily operation of the Bit9 platform. Instructions are on the Bit9 Customer Support Portal.
- Conduct an analysis of your environment to see if you currently have any malware associated with the affected Bit9 certificate. Instructions are on the Bit9 Customer Support Portal, and we are ready to assist you.
- Upgrade to the new product patch appropriate for the version of Bit9 you are running. If you are running Bit9 in medium- or high-enforcement mode, the patch will automatically protect you from any malware illegitimately signed with the affected Bit9 certificate. If you are using the patch to upgrade from Bit9 product version 6.x to 7.0, please contact us first.
Please contact us at CustomerCare@Bit9.com if you have any questions or concerns. We are continuing our proactive outreach and hope to talk to each of you directly.