Sennheiser says its update rids HeadSetup of vulnerable certificates. You can download it from the company's support site. To be clear, the problem doesn't lie with the company's hardware -- which ranges from wireless headphones to office headsets.

In the wake of Secorvo's report, Microsoft also warned users that digital certificates were disclosed in Sennheiser's apps, which could allow bad actors to remotely spoof websites or content. The flaw is being compared to the Lenovo Superfish bug from 2015: a preloaded adware on Lenovo's laptops that installed a man-in-the-middle certificate, allowing hackers to spy on secure websites users were visiting.