McAfee fixes flaw–without realizing it

by admin July 16, 2006 at 3:13 am
0 Comment

McAfee, without realizing it, has fixed a serious flaw in its popular product for managing security software, the security vendor said Friday.

The flaw affects McAfee’s ePolicy Orchestrator (ePO) Common Management Agent prior to the current 3.5.5 version, technology used to manage security software installed on about 40 million PCs in large organizations, McAfee said. A successful attack that exploits the flaw could result in the full compromise of a targeted computer, the company said.

“It is certainly one of the most serious issues that we have come across,” John Viega, vice president and chief security architect at Santa Clara, Calif.-based McAfee said in an interview.

McAfee was notified of the flaw by eEye Digital Security on July 5, but at the time had already fixed the flaw in an update to its software that was released in January, Viega said. That update, the current 3.5.5 version, was meant to fine-tune the system, not fix security flaws, he said.

“We did not realize that we had fixed a security vulnerability until eEye alerted us to the problem last week,” Viega said. “We were optimizing the system, not looking for security vulnerabilities.” The optimization included changing from storing data in files to storing it in memory, which removed the flaw, he said.

Full story: ZDNet News

Related Content
Realme C15 Launching in India on August 18: Everything We Know So Far
Facebook’s CEO to meet PM Modi today
Firefox 4 Beta 1: A Visual Tour
Now, access Facebook on mobile devices for free
more news from the blog
Messenger Key 9.7
Windows XP will be supported until 2014
New Apple iPod Touch out in September
Pop3Connector 1.7.5879
Keyfinder Thing Lite 1.05
Process Assassin 1.1
YouTube Adds HD Video Showcase, Larger Player
Internet Explorer 9 Platform Preview
DGAVCDec 1.0.1
Yahoo Launches Ad Interest Manager
All New NVIDIA Chipsets to Feature IGP and Hybrid SLI
GPX Editor 1.2.05
BootSage
Google announces overhaul of Google Video strategy, plans for YouTube's future
Intel puts four on the floor
Zinc Beta 3
Fab’s AutoBackup 3.0.0.560
Microsoft Pro Photo Tools 2.2
AVS Disc Creator 2.1.5.100
The IE7 auto-rollout: fact and fiction
Dell Begins Shipping XPS One, Its First All-In-One Entertainment Computer
GOM Encoder Demo 1.0.0.26
Analyst expects 700,000 iPads to sell this weekend
Intel Graphics Media Accelerator for Windows Vista 15.8.3
Google Begins to Make Public Data Searchable
Zoundry Raven 0.9.250
Microsoft scores victory against software piracy
Microsoft Sources Claim New Handheld Device is Coming
Apple’s Game Center: More Opportunities for Social Games Developers
AMD Planning To Ship 32nm Chips By Q4 2010
Adobe confirms zero-day vulnerability
Microsoft To Kill Windows 7 Beta On Feb. 10
Google zooms in on patents