On Tuesday Microsoft notified users that digital certificates have been compromised for two apps which allowed someone to remotely spoof websites and content. The issue was that the certificate and private key were the same for anyone who installed these two applications. Which allowed a hacker to decrypt the software’s private key which compromised the security of the windows computers. The certificate became susceptible to attacks like spoofing, phishing, or man-in-the-middle attacks.November 23, following a vulnerability identified in Sennheiser HeadSetup and HeadSetup Pro, new versions have been made available.
Updating the software to its latest version will rid the software of vulnerable certificates. Additionally, the invalidation by Windows November 27th of the former certificates fully eliminate the possibility to exploit the certificates.
The latest software versions are as follows:
Mac users and Windows users, that are unable to receive automatic updates from Microsoft or choose not to update their HeadSetup and HeadSetup Pro software, can find removal instructions for Macs and PCs.
All users may contact Sennheiser Communications for support: [email protected] or at +45 2943 1569 (9.00-18.00 CET)