Release of Security Fix 2 patch to fix a vulnerability in Kaspersky Endpoint Security 10 for Windows Workstations MR1 (version 10.2.1.23)

To fix the Heartbleed vulnerability in the OpenSSL library for Kaspersky Endpoint Security 10 Maintenance Release 1 (version 10.2.1.23) Kaspersky Lab releases the Security Fix 2 patch on June 3, 2014.

Products that require the fix

Installation

The Security Fix 2 patch is installed on top of Kaspersky Endpoint Security 10 Maintenance Release 1 for Windows (version 10.2.1.23).

1. Download and unpack the archive. It includes the patch Security Fix 2 (patch_pfsf2.exe) and the latest version of the management plug-in (klcfginst.exe).
2. To install the patch in the silent mode, run patch_pfsf2.exe with the key –s (for example, to distribute it via Kaspersky Security Center). For a local installation, run the file from any local temporary folder.

Please note. The patch cannot be run from the root folder or the product's installation folder.

1. From the Windows command line, run the command msiexec.exe /x{3B3A68AD-1385-4F34-90D9-D706DDE87B5A} /qb to remove the previous version of the Kaspersky Endpoint Security 10 management plug-in.
2. Install the latest version of the Kaspersky Endpoint Security 10 management plug-in from the unpacked archive.

After the Security Fix 2 patch has been installed, the versions of the files libola.dll, libeay32.dll, ssleay32.dll, lic.ppl, and TrafMon2.ppl must update to 10.2.1.112 in the Kaspersky Endpoint Security 10 installation folder.

The information about the patch is displayed in the Kaspersky Lab software version report.