I attempted replacing the files with 1.0.1g as well on an agent handler and while the process was sucessful, the vulnerability still existed according to nexpose
If its public facing test it from this site. Also, you might need to bounce services or the box to clear the memory.
I'm not going to potentially screw up tens of thousands of agents with an 'unsupported' fix... I need an official hotfix/patch or advisory from McAfee. NOW.
It's just ridiculous that McAfee can't manage to publish a list of ALL affected products within reasonable time, let alone a hotfix/patch within 48h.
Gotta weigh your options. Whats the potential data loss ? Is that risk greater then trying an unsupported fix ? I agree Mcafee should have a fix by now.
Well that's the point.. how big is the risk? I honestly don't know.
But I'm not going to try anything on my own, this is an enterprise application.
Thousands of clients worldwide, zero space for experiments.
I was in our test environment in our attmepts to repair. wasn't about to try an non approved solution in production especially if the potential data loss is minimal. on a side note if anyone is running NSM there was an updated UDS signature released last night. we found the initial signature ineffective in detecting the attack when using http://filippo.io/Heartbleed/. thanks for all the input!
Of course I do have a test environment.. but why should I try to fix it on my own? I'm a customer.
Try and error is certainly the wrong method to solve this problem.
Well.. if you have a test environment that mirrors production, and you test it there and it works without issue, and you backup the files you are replacing just in case, then thats a pretty good indication it will work smoothly in prod. So, I'm not sure that could be called trial and error. If you have banking passwords to protect then I would suggest going this route asap. The worst that could happen is brief outage to your EPO reporting.
If your site protects unimportant data, like the names children have chosen for their Build-a-Bears for the past year, then wait. Shame on us all for using Mcafee products to start with.
"Shame on us all for using Mcafee products to start with."
Agreed, it is an embarrassment that we had to resort to using unofficial patches but since McAfee will not even bother to acknowledge that ePO is vulnerable what choice do we have? Is security through obscurity the new mantra for McAfee?.