McAfee has patched a flaw in its ePolicy Orchestrator (ePO) and ProtectionPilot platforms which is already being...
exploited in the wild.
The flaw, which affects McAfee ePolicy Orchestrator version 3.5.0 and earlier, and McAfee ProtectionPilot version 1.1.1 and earlier, allows attackers to remotely execute arbitrary code on users’ systems.
McAfee said this injected code would be limited to the privileges of the ID in which the ePolicy Orchestrator server is running on the system.
In order to accomplish this exploit, an attacker would have to have network access to the server machine and manage to construct a message consisting of proprietary information.
The attack, said McAfee, requires reverse engineering of the software as well as the communication. The patch issued by McAfee does not allow incorrectly formatted or sized messages to be processed by the ePO server.
The update has been pushed out via McAfee live update services and is also available for download.
The company said an exploit which takes advantage of the underlying flaw has been released on the internet. It said the patch would prevent any remote attacks using this exploit code.