Does this affect home users?
And why hasn't it been addressed?
All I can say about this is that it only affects SaaS products, in other words the problem is confined to Business users with the Enterprise version. Home users, for once, don't have to worry about it.
Hello there, Red Dawn. McAfee is aware of this article. It is in reference to a security issue with McAfee Total Protection Service, our SaaS AV hosted product, which was fixed in a patch released in August 2011. McAfee is releasing another patch later this week that will remove the functionality altogether (which was made obsolete by the August patch). As this is a hosted solution, the patch process will be automatic. Again, the August 2011 patch mitigated the issue. Thanks for asking about this.
Message was edited by: ccoldren on 1/17/12 2:24:11 PM CST
McAfee Labs Security Advisory
MTIS12-009 - January 17, 2012
Since the last McAfee(R) Labs Security Advisory (January 13),
the following noteworthy events have taken place:
McAfee has published KB73910, covering a Remote Code Execution vulnerability in McAfee SaaS Endpoint Protection.
SolutionMcAFee addressed this issue on July 28, 2011. See McAfee Security Bulletin SB10016.
This update fixes two bugs in ActiveX controls that the SaaS Endpoint Protection product uses to do its normal operations.
Message was edited by: Hayton on 18/01/12 02:40:34 GMT
Well, actually I jumped the gun. There were two issues here, not one, and the fix I pointed to was for the first. The fix for the second was to have been released sometime yesterday. There's a discussion going on about the technical details in another forum, which is how I learned of the second problem. But, anyway, it should all be fixed now.