0 Replies Latest reply on May 8, 2012 10:41 AM by jsonger

    Critical Hotfix for Email Gateway & Email/Web Security Products

      McAfee has released hotfixes to resolve critical issues in the following products:


      • ·McAfee Email Gateway (MEG) 7.0.1 and earlier (HF MEG-7.0h759601-2151.119.zip)
      • ·McAfee Email and Web Security (EWS) 5.6 Patch 3 and earlier (HF EWS-5.6h759921-2143.116.zip)
      • ·McAfee Email and Web Security (EWS) 5.5 Patch 6 and earlier (HF EWS-5.5h759991-2146.112.zip)


      This update must be considered Critical. The Authentication Bypass issue could allow an attacker to take control and gain ownership of the appliance. The Directory Traversal and Reflected Cross-Site Scripting (XSS) issues could reveal password file information and allow an attacker to run arbitrary JavaScript from the administrator’s browser.


      See McAfee KnowledgeBase article SB10026, https://kc.mcafee.com/corporate/index?page=content&id=SB10026 to:

      • ·Confirm your appliance version and patch level
      • ·Get additional details on the impact and remediation
      • ·Get full download instructions and links



      This does not affect MEG (IronMail) 6.7.x


      Message was edited by: jsonger on 5/8/12 10:41:46 AM CDT