Operating systems that connect to the internet also come with a root certificate store – that is a list of encryption certificates that can be trusted. For example: when you visit a site that is supposed to be secure, such as your bank’s website, it’s those certificates that ensure the fact that the website is your bank’s website and not a fake one.
When the root certificate store is interfered with, that can cause a number of problems and it seems like Sennheiser has one. Or had one, according to the company.
The company’s HeadSetup software apparently has a flaw, according to security specialist Servco, which installs insecure certificates in the root store, which, in turn, renders the operating systems vulnerable to attacks.
The flaw was initially discovered in July and was reported to Sennheiser. Servco kept back full details on the issue until October, while Sennheiser released an update to fix the software only in November.
Uninstalling the programs will not fix the issue but Microsoft invalidated the bad certificates on November 27th, hence completely eliminating any other problems that might arive from further certificate exploitation.
But still, if you’ve already got the update, just to stay on the safe side, perhaps re-intalling the system wouldn’t be such a bad idea.