McAfee accidently fixes major flaw

Lucky update

By Nick Farrell

Mon Jul 17 2006, 07:55

SECURITY OUTFIT McAfee has managed to fix a major flaw in its software without being aware of it.

McAfee's ePolicy Orchestrator (ePO) Common Management Agent is installed on about 40 million PCs in large organisations. However the software had a flaw that could have resulted in a targeted computer becoming taken over by a hacker.

John Viega, vice president and chief security architect at McAfee admitted that it was one of the most serious issues that the outfit has come across. The problem was fixed when McAfee did a software update in January which was only meant to fine tune the system. It fixed the security bug too, although this was unintentional. In fact McAfee was not aware of the problem until it was told by an another security outfit.

The upgrade included changing from storing data in files to storing it in memory, which removed the flaw.

However the fix does not apply to older versions of the software, which are still vulnerable. McAfee does not know how many of its punters could still be vulnerable.

More at News.com, here. µ

McAfee admits to flaws in its Saas Total Protection Allows execute code control and spam distribution Thursday, 19 January 2012, 12:18 PM Read more	The INQUIRER review of the year A look back at the big news stories of 2011 Friday, 23 December 2011, 08:00 AM Read more
Apple bars security researcher over unsigned code test Zero-day exploit discoverer has no place in IOS developer program Tuesday, 8 November 2011, 11:42 AM Read more	Hackers control Android trojan through blog posts Provide updates and backup servers Thursday, 6 October 2011, 13:03 PM Read more
Wordpress update fixes security flaws Stop your website from getting hacked Wednesday, 6 April 2011, 12:55 PM Read more	McAfee is fixing security bugs on its website Insecurity firm is sweeping its own doorstep Tuesday, 29 March 2011, 14:40 PM Read more

< Previous article| Next article >

Comments

There are no comments submitted yet. Do you have an interesting opinion? Then be the first to post a comment.

INQ White papers

Databases

Network management

Security

Service oriented architecture

Storage

INQ Jobs

SOFTWARE ENGINEER - UNIX C

SOFTWARE ENGINEER - BERKS -...

INQ Poll

Authorities in several countries raided Megaupload recently, shut down all of its services, seized hundreds of servers and arrested several of its executives on criminal charges.

Do you think the move was justified?

Yes, companies should suffer an immediate death penalty upon being accused of copyright infringement.

Yes, the coppers said the company was breaking the law so it must be guilty.

No, the company and the people accused are innocent until proven guilty.

No, the company had millions of customers who have been harmed by having access to their data files cut off.

I don't care, I never used Megaupload anyway.

View other polls

© Incisive Media Investments Limited 2012, Published by Incisive Financial Publishing Limited, Haymarket House, 28-29 Haymarket, London SW1Y 4RX, are companies registered in England and Wales with company registration numbers 04252091 & 04252093

SEARCH :

Site Credentials:

Business & Technology websites:

Business research resources:

Products:

Investment Market IT websites:

Find out what you are worth:

Salary Calculator

Search for a job:

Recruitment Agency A-Z Directory

Accreditations:

Digital Publisher of the Year 2010

McAfee accidently fixes major flaw

Share this:

RIM Playbook OS 2.0 and Blackberry 7.1 video demo

Nokia Lumia 710 video review