McAfee patches flaw in ePO


McAfee patches flaw in ePO

Antony Savvas

McAfee has patched a flaw in its ePolicy Orchestrator (ePO) and ProtectionPilot platforms which is already being exploited in the wild.

The flaw, which affects McAfee ePolicy Orchestrator version 3.5.0 and earlier, and McAfee ProtectionPilot version 1.1.1 and earlier, allows attackers to remotely execute arbitrary code on users’ systems.

McAfee said this injected code would be limited to the privileges of the ID in which the ePolicy Orchestrator server is running on the system. 

In order to accomplish this exploit, an attacker would have to have network access to the server machine and manage to construct a message consisting of proprietary information. 

The attack, said McAfee, requires reverse engineering of the software as well as the communication. The patch issued by McAfee does not allow incorrectly formatted or sized messages to be processed by the ePO server.

The update has been pushed out via McAfee live update services and is also available for download.

The company said an exploit which takes advantage of the underlying flaw has been released on the internet. It said the patch would prevent any remote attacks using this exploit code.

Email Alerts

Register now to receive IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy