There have been an incredibly large number of vulnerabilities this year, which unfortunately is going to cause a syntax change in MITRE’s CVE-ID. The current syntax will max out at 9,999 vulnerabilities, so the change is to start adding additional digits. When the CVE count breaks 10,000, MITRE will be adding an extra digit onto the end of their CVE-IDs. The resulting CVE change will drive a change in how we import content for Shavlik Protect 9.1 and 9.0.
The deadline for the change is January 15, 2015, but due to the high volume of vulnerabilities releasing this year the change in format may be forced upon us early. We have released an update for Protect 9.1 and are working on the Protect 9.0 update to prevent the format change from causing issues. The patch will prevent import of new content from failing avoiding an inconvenience to our customers. Protect 9.1 Patch 2 is available now and the Protect 9.0 Patch 2 will be coming in the next couple of weeks. Although the updates do not include a security fix, this is a critical bug fix that has a ticking timer.
To upgrade you can follow the instructions below based on version of Protect.
Upgrade Protect 9.1 to Patch 2:
- Download Protect v9.1 Patch 2 from http://www.shavlik.com/downloads/protect/. Patch 2 includes fixes from Patch 1 as well, so customers on Protect 9.1.4446 or 9.1.4334 can upgrade with the same patch.
Upgrade Protect 9.0 to 9.1 Patch 2 or 9.0 Patch 2:
- (Recommended) For 9.0 customers you will now see that auto update to 9.1 Patch 2 is enabled in product. You can click the auto update link in the bottom right corner of Protect when you open it and it will download the full installer upgrading you to Protect 9.1 Patch 2.
- If you are unable to upgrade to Protect 9.1 at this time we are in the process of releasing a similar fix for Protect 9.0. This update will be coming in a couple of weeks and can be applied very easily to Protect 9.0. The change is entirely database schema related so no binaries are updated on Protect 9.0 console.
Please note that if you have not applied Patch 2 for either version, there will be a point in the not too distant future where you may not be able to import new content. We would like to avoid this as much as you would, so plan for this patch update as soon as possible.
The Shavlik Team