Skip navigation
McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams
Currently Being Moderated

SNS Bulletins for May 10, 2012

Created on: May 10, 2012 3:32 PM by whudson - Last Modified:  May 10, 2012 3:33 PM by whudson

McAfee SNS Bulletin Roundup

Week Ending  May 10, 2012

DATE                 TITLE

1.     May 03 2012       VSE 8.8 Patch 1 Hotfix 735512  Now Available

2.     May 04 2012       Vulnerability in MVT & ePO-MVT;  Update Immediately

3.     May 05 2012       ePO-MVT 1.0.8 Available;  Resolves Tool Vulnerability

4.     May 07 2012       Critical Hotfix for Email  Gateway & Email/Web Security Products

5.     May 08 2012       Network Security Platform 6.1  Software Release

6.     May 09 2012       Security Content Ver. Update  4369 for HIPs Now Available

7.     May 09 2012       Network Security Signature Set  Release Bulletin (

8.     May 10 2012       Changes to McAfee Web Gateway  Anti-Malware SDK (Jul 31, 2012)

9.     May 10 2012       Web Gateway End of Life  Announcements

10.  May 10 2012       Alternate GTI Domain Lookup -

1.    May 3 2012

VSE 8.8 Patch 1 Hotfix 735512 Now Available
VirusScan Enterprise (VSE) 8.8 Patch 1 Hotfix 735512 is now available. This  release includes resolutions to the following issues:

Issue:  When VSE 8.8 Patch 1 is installed on a system with Host Intrusion Prevention  (Host IPS), Host IPS blocks a McAfee process (mfehidin.exe) from setting Access  Control List (ACL) on a McAfee driver (mfevtps).

Issue:  A STOP error (Bugcheck 7f) could occur with the McAfee filter driver due to lost  content header information when transmitting through a raw socket on Windows 7.  This issue was seen with some third-party VPN clients.

Issue:  Third-party products that inject DLLs into processes could cause the VirusScan  Enterprise service (VsTskMgr.exe) to periodically poll data and frequently log  event 516 entries.

Issue:  On-Demand Scan stops responding and high CPU usage from McShield.exe after you  install VSE 8.8 Patch 1.

To view the release notes and download Hotfix 735512, see article KB75007:

2.    May 4, 2012

Vulnerability in MVT & ePO-MVT; Update Immediately
McAfee confirms a vulnerability in the McAfee Virtual Technician (MVT) tool and  McAfee ePO-MVT. This vulnerability allows an attacker to bypass Internet  Explorer browser security settings to remotely execute operating system  commands. An Internet Explorer script can also be created to remotely crash the  browser by specifying an arbitrary memory address. It is possible for a  malicious website to exploit the MVT vulnerability and run malicious code.

DESCRIPTION: McAfee Virtual Technician (MVT) and McAfee ePO MVT are free tools that will scan  a system to ensure that the McAfee products are installed correctly. This tool  will identify possible problems and help resolve problems detected during a  check-up process. NOTE: The MVT tool is not tied to a particular McAfee product.  Any system could have MVT installed; potentially even those systems which have  uninstalled their McAfee products.

Remediation  for MVT

McAfee has updated the MVT program. Customers can access MVT in their Programs  menu and run the MVT program to automatically update to the latest patched  version. If users previously uninstalled the program, they can simply access the  McAfee website at to run MVT and install an updated  version of the tool.

Resolution  for ePO-MVT

The updated version of ePO-MVT is expected to be ready in 72 hours. An SNS email  will go out to subscribers when the download is available.

For more information, see SB10028

3.    May 5, 2012

ePO-MVT 1.0.8 Available; Resolves Tool Vulnerability
McAfee ePO-MVT 1.0.8 is now available for download. This version resolves the  vulnerability in this McAfee tool.

To download ePO-MVT 1.0.8, go to the ePO-MVT download site at:

For more information, see SB10028:

4.    May 7 2012

Critical Hotfix for Email Gateway & Email/Web Security Products

McAfee has released hotfixes to resolve critical issues in the following  products:

·         McAfee Email Gateway (MEG) 7.0.1 and earlier (HF

·         McAfee Email and Web Security (EWS) 5.6 Patch 3 and earlier (HF

·         McAfee Email and Web Security (EWS) 5.5 Patch 6 and earlier (HF

This update must be considered Critical. The Authentication Bypass issue could  allow an attacker to take control and gain ownership of the appliance. The  Directory Traversal and Reflected Cross-Site Scripting (XSS) issues could reveal  password file information and allow an attacker to run arbitrary JavaScript from  the administrator’s browser.

See McAfee KnowledgeBase article SB10026 ( to:

·         Confirm your appliance version and patch level

·         Get additional details on the impact and remediation

·         Get full download instructions and links.

5.    May 8 2012

Network Security Platform 6.1 Software Release
The following Network Security Platform 6.1 Software is now available:

Network Security NTBA Virtual Appliance Software


For a full list of changes, see the Release Notes in PD23754:

The Software is available from:

·         McAfee Download Server (

·         Menshen (


You can now also follow NSP Updates on Twitter:!/McAfeeNSPMsgs.

6.    May 9 2012

Security Content Ver. Update 4369 for HIPs Now Available
Security content version update 4369 for Host Intrusion Prevention is now  available!

This update was posted Tuesday, May 8, 2012 to the McAfee update repository. spx.

7.    May 9 2012

Network Security Signature Set Release Bulletin (
The following Network Security Signature Set has been released and is now  available:


For updated SigSet information, see KnowledgeBase articles KB55446, KB55448, and KB50726. These articles are available only to registered  users. To view them, log into the McAfee ServicePortal at and search for the article ID..

SigSet releases are available from:

·         McAfee Download Server (

·         Menshen (

You can now follow NSP Updates on Twitter:!/McAfeeNSPMsgs.

8.    May 9 2012

Security Content Ver. Update 4369 for HIPs Now Available
Security content version update 4369 for Host Intrusion Prevention is now  available!

This update was posted Tuesday, May 8, 2012 to the McAfee update repository. spx.

9.    May 10 2012

Changes to McAfee Web Gateway Anti-Malware SDK (Jul 31, 2012)
The following announcement applies to Web Gateway customers who have licensed  McAfee Web Gateway Anti-Malware (proactive scanning).

Due to upcoming changes in the McAfee Gateway Anti-Malware SDK (proactive  scanning engine), Web Gateway will be changing the way the 3rd party AV engine  ‘Avira’ is used in the product in July 2012. Rather than an integrated component  of the proactive Gateway Anti-Malware engine, Avira will be incorporated as a  stand-alone engine. To use the stand-alone Avira engine, Web Gateway 6.x  customers must be running 6.9.


Web Gateway 7.x customers have two options for using the Avira engine after July  2012:

·         Upgrade to Web Gateway 7.1.6 within the next 4 months (this is a controlled  release)

·         Upgrade to Web Gateway 7.2 which will be available in late April (this will be a  main release)

McAfee recommends that customers plan their migration strategy prior to   July 2012.


Generally McAfee Web Gateway protections have consisted of three tightly  integrated but different scanning engines licensed in two packages: McAfee  Anti-Malware with File Reputation (included with the base Web Security license)  and  the separately licensed McAfee Gateway Anti-Malware engine (which  includes both the Proactive Scanning engine and Avira).

Due to the effectiveness of the combined McAfee Anti-Malware and proactive  scanning in the Gateway Anti-Malware engine, the need for supplemental signature  coverage from a 3rd-party such as Avira is minimal. 

Customers may also choose to continue to run their existing Web Gateway version,  which will continue to work a after July 2012 but will not use the Avira AV  component.

For more information, see KnowledgeBase article KB73748:

10.  May 10 2012

Web Gateway End of Life Announcements
McAfee SME250 (Webwasher) Subscription License EOL

The McAfee SME250 (Webwasher) subscription license End of Life (EOL) date is  June 30, 2012. Customers should consider standard Web Gateway licenses as a  replacement. 

McAfee Web Gateway (Webwasher) Anti-Spam Module EOL

The McAfee Web Gateway (Webwasher) Anti-Spam Module End of Life (EOL) date is  June 30, 2012. Customers should consider McAfee Email Protection as a  replacement.

For more information, see the Software section of the McAfee Product and  Technology Support Lifecycle page:

McAfee SME250 (Webwasher) Appliance EOL

The McAfee SME250 (Webwasher) appliance End of Life (EOL) date is August 31,  2012. This announcement affects Appliances that were originally purchased prior  to August 31, 2007. McAfee recommends upgrading to supported Appliance model  before this date to avoid interruption of product support.

For more information, see the Appliances section of the McAfee Product and  Technology Support Lifecycle page:

11.  May 10 2012

Alternate GTI Domain Lookup -
McAfee products that use VSCore version or later will send the GTI  File Reputation queries to an alternate domain:

These include:

·         VirusScan Enterprise (VSE) 8.8 Patch 1 and VSE 8.7 Patch 5

·         Consumer products: Platinum and Emerald (14.5 and 15.0)

·         SaaS Endpoint Protection 5.2.3

·         Future McAfee GTI File Reputation-based products

All other McAfee products including GTI Proxy will continue to send GTI File  Reputation queries to

NOTE: This update is planned as part of a DAT update in Q3 2012. McAfee Labs will  announce the exact DAT version as soon as possible.

For more information, see KB53733:

Comments (0)