Emsisoft, an endpoint security firm, has issued a critical advisory to its users, urging them to update their anti-malware and security products and reboot their systems. This action comes in response to the improper issuance of their Extended Validation (EV) code signing certificate, which was used to sign program files created after its renewal on August 23. The certificate, originally issued by GlobalSign, contained inaccuracies in the business information.
Furthermore, GlobalSign has since revoked the incorrect certificate and issued a new one on September 8, prompting Emsisoft to re-sign all files using the correct certificate and make updates available.
However, the situation is complicated by the fact that the improperly issued certificate was used to sign a new driver component. When a certificate authority revokes a certificate, software files signed with it trigger security warnings, and drivers may fail to load, potentially compromising system protection. To resolve this, users may need to reinstall the affected software to restore full protection.
Additionally, as a precaution, Emsisoft advises all customers to ensure automatic updates are enabled in their security products and to reboot their computers before September 22, 2023, to mitigate potential security risks.
At the same time, this incident underscores the critical role digital certificates play in ensuring the security and integrity of software. Emsisoft’s swift response in re-signing files with the correct certificate and providing updates demonstrates their commitment to maintaining user security. Users are encouraged to follow the company’s guidance to safeguard their systems and data effectively.
