McAfee has patched a flaw in its ePolicy Orchestrator (ePO) and ProtectionPilot platforms which is already being exploited in the wild.
The flaw, which affects McAfee ePolicy Orchestrator version 3.5.0 and earlier, and McAfee ProtectionPilot version 1.1.1 and earlier, allows attackers to remotely execute arbitrary code on users’ systems.
McAfee said this injected code would be limited to the privileges of the ID under which the ePolicy Orchestrator server is running on the system.
To exploit the flaw, an attacker would need network access to the server machine and would have to construct a message consisting of proprietary information.
The attack, said McAfee, requires reverse engineering of the software as well as the communication. The patch issued by McAfee prevents the ePO server from processing incorrectly formatted or sized messages.
The update has been pushed out via McAfee live update services and is also available for download.
The company said an exploit that takes advantage of the underlying flaw has been released on the internet. It said the patch would prevent any remote attacks using this exploit code.