Skip navigation
McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams
1603 Views 6 Replies Latest reply: Jan 19, 2012 8:54 PM by Hayton RSS
Red Dawn Newcomer 73 posts since
Aug 3, 2007
Currently Being Moderated

Jan 16, 2012 4:14 PM

Critical hole in McAfee products

Critical hole in McAfee products still open after more than 180 days

http://www.h-online.com/security/news/item/Critical-hole-in-McAfee-products-stil l-open-after-more-than-180-days-1413775.html

 

 

Does this affect home users?

 

And why hasn't it been addressed?

 

 


  • Hayton Volunteer Moderator 4,604 posts since
    Sep 27, 2010
    Currently Being Moderated
    1. Jan 16, 2012 6:19 PM (in response to Red Dawn)
    Re: Critical hole in McAfee products

    All I can say about this is that it only affects SaaS products, in other words the problem is confined to Business users with the Enterprise version. Home users, for once, don't have to worry about it.


    Volunteer Moderator  Leeds, UK
    No PM's please
  • ccoldren McAfee Employee 7 posts since
    Nov 4, 2009
    Currently Being Moderated
    3. Jan 17, 2012 2:24 PM (in response to Red Dawn)
    Re: Critical hole in McAfee products

    Hello there, Red Dawn. McAfee is aware of this article. It is in reference to a security issue with McAfee Total Protection Service, our SaaS AV hosted product, which was fixed in a patch released in August 2011. McAfee is releasing another patch later this week that will remove the functionality altogether (which was made obsolete by the August patch). As this is a hosted solution, the patch process will be automatic. Again, the August 2011 patch mitigated the issue. Thanks for asking about this.

     

    Message was edited by: ccoldren on 1/17/12 2:24:11 PM CST
  • Hayton Volunteer Moderator 4,604 posts since
    Sep 27, 2010
    Currently Being Moderated
    4. Jan 17, 2012 8:40 PM (in response to Red Dawn)
    Re: Critical hole in McAfee products

    Now fixed

     

    -----------------------------------

    McAfee Labs Security Advisory

    -----------------------------

    MTIS12-009 - January 17, 2012

     

    Executive Summary

    Since the last McAfee(R) Labs Security Advisory (January 13),

    the following noteworthy events have taken place:

     

    McAfee has published KB73910, covering a Remote Code Execution vulnerability in McAfee SaaS Endpoint Protection.

    

    See

    https://kc.mcafee.com/corporate/index?page=content&id=KB73910

     

    Solution

    McAFee addressed this issue on July 28, 2011. See McAfee Security Bulletin SB10016.

     

     

    https://kc.mcafee.com/corporate/index?page=content&id=SB10016

     

    Description

    This update fixes two bugs in ActiveX controls that the SaaS Endpoint Protection product uses to do its normal operations.

     

    Message was edited by: Hayton on 18/01/12 02:40:34 GMT

    Volunteer Moderator  Leeds, UK
    No PM's please
  • Hayton Volunteer Moderator 4,604 posts since
    Sep 27, 2010
    Currently Being Moderated
    6. Jan 19, 2012 8:54 PM (in response to Red Dawn)
    Re: Critical hole in McAfee products

    Well, actually I jumped the gun. There were two issues here, not one, and the fix I pointed to was for the first. The fix for the second was to have been released sometime yesterday. There's a discussion going on about the technical details in another forum, which is how I learned of the second problem. But, anyway, it should all be fixed now.


    Volunteer Moderator  Leeds, UK
    No PM's please

More Like This

  • Retrieving data ...

Bookmarked By (0)

Legend

  • Correct Answers - 5 points
  • Helpful Answers - 3 points