McAfee fixes major security flaw


McAfee fixes major security flaw

Tash Shifrin

Anti-virus specialist McAfee has been criticised after it “silently fixed” a security bug in its ePolicy Orchestrator software.

Security firm eEye Digital spotted the flaw in ePolicy Orchestrator, the remote security management software for the McAfee enterprise product suite. The bug found in the software’s Common Management (EPO) Agent could allow attackers to anonymously compromise an affected system and execute code, eEye Digital warned.

In an advisory notice, eEye Digital said the company and McAfee had each independently discovered the flaw. “McAfee had silently fixed this vulnerability, prior to the discovery by eEye,” it noted.

But it added, “It is good for any software company to be proactive in trying to secure their software. However, it is equally important for software vendors to create a separation of security and features when providing updates.

“In this case, fixing an extremely critical vulnerability without the proper notification is a disservice to customers.”

Users who were not informed that McAfee’s update fixed a security bug might “choose to stick with their current deployments, rather than re-deploying hundreds, if not thousands, of new agents for what would appear to solely contain innocuous feature updates”, eEye Digital warned.

Vote for your IT greats

Who have been the most influential people in IT in the past 40 years? The greatest organisations? The best hardware and software technologies? As part of Computer Weekly’s 40th anniversary celebrations, we are asking our readers who and what has really made a difference?

Vote now at:

Email Alerts

Register now to receive IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy