Kaspersky is not updating
Ormandy's bug report gave, by way of demonstration, a collision between Hacker News and manchesterct.gov: "If you use Kaspersky Antivirus in Manchester, Connecticut and were wondering why Hacker News didn't work sometimes, it's because of a critical vulnerability that has effectively disabled SSL certificate validation for all 400 million Kaspersky users." Kaspersky fixed the issue on December 28.
® Update: Kaspersky has provided the following statement detailing its fixes.
You can update the Kaspersky antivirus signature database offline without using a direct Internet connection.
This is required in some security installations and for sites that access the Internet through a proxy server.
You don't have to be a cryptographer to understand a 32bit key is not enough to prevent brute-forcing a collision in seconds.