McAfee admits, fixes design flaw -- ADTmag

McAfee admits, fixes design flaw

By ADT Staff
July 17, 2006

The antivirus software selected by more than one-third of companies throughout the United States and Europe was the subject of a serious security flaw earlier this year, leaving its users in the dark. McAfee publicized the flaw and its fix through an apologetic e-mail issued to its customers last week.

The design flaw hinders McAfee’s ePolicy Orchestrator, a corporate edition tool that manages security software throughout thousands of computers within large orgs, including the U.S. Department of Defense, which runs the software for its computer intrusion prevention systems. The flaw makes the software susceptible to hackers looking to control the system to steal data, delete files or store malicious programs. But it does not affect McAfee’s consumer software versions because they do not rely on its centralized management tool for updates to protect against new viruses and threats.

Despite internally discovering the flaw six months ago, McAfee waited until July 14 before notifying their users, days after eEye Digital Security was said to have notified McAfee.

According to AP reports, reps from the Santa Clara, Calif.-based company say McAfee released the update under the guise of new features availability. But some users─unaware of the flaw─opted not to upgrade the software, fearing it could introduce a host of new problems within their orgs. Now McAfee is urging all of its corporate edition customers to upgrade their software.

“McAfee believes in providing the most secure software to customers and worked closely with the private research team to validate that this update solves the security flaw…” the company said in a statement. “The update has been pushed to all live update servers and [has been] available for download since February of this year. This update will remedy the risk associated with this security flaw.”

McAfee Public Relations Manager Erica Coleman says the company recently posted a security bulletin to its Web site. The alert says the Common Management Agent Update 3.5.5 or higher will fix the design vulnerability.

A spokesman for the company said there are no known incidents resulting from the flaw.

Featured

AppTrends

Email Address*Country*

Please type the letters/numbers you see above.

Upcoming Training Events

0 AM

Visual Studio Live! Chicago
April 29-May 3, 2024

VSLive! 2-Day Training Seminar: Building Cloud-Ready, Resilient Systems in .NET
June 4-5, 2024

VSLive! 4-Day Hands-On Training Seminar: Full Stack Hands-On Development with .NET (Core)
July 16-19, 2024

Visual Studio Live! Microsoft HQ
August 5-9, 2024

Live! 360 2-Day Hands-On Seminar: Swimming in the Lakes of Microsoft Fabric and AI - A Hands-on Experience
August 20-21, 2024

VSLive! 4-Day Hands-On Training Seminar: Hands-on with Blazor
September 17-20, 2024

VSLive! 2-Day Hands-On Training Seminar: Developing Secure ASP.NET Web Apps
September 24-25, 2024

Live! 360 Orlando
November 17-22, 2024

VSLive! 4-Day Hands-On Training Seminar: Full Stack Hands-On Development with .NET (Core)
December 10-13, 2024

Free White Papers

More Tech Library