McAfee accidentally fixes a serious error

Security firm McAfee, over the weekend, said it had overcome a serious security flaw in its security management software that it didn't recognize before.

This security error primarily affects ePolicy Orchestrator software (ePO) Common Management Agent version 3.5.5 or earlier. This is security management software installed on about 40 million different PCs in large organizations. If you successfully exploit this security error, the attacker can take over the entire control of the faulty system.

" This is one of the most serious security flaws in our product, " said John Viega, McAfee's vice president and chief security architect.

McAfee has been notified by eEye Digital Security about this security error from July 5. But in the update released in January this security error has been fixed. However, it is not a security update, but an update to improve the performance of the software.

" We didn't realize we had fixed that security error until eEye warned us ," Viega said. " We just want to optimize the software system, not looking for security errors. But thankfully, that work has helped us overcome a very dangerous security error ."

McAfee said this security error has no effect on systems that do not have security management software installed.

This security error arises in the Framework Service component, security firm eEye said in a warning message issued last Thursday. This wearable service is enabled and operated on all servers and clients.

" If successfully exploited, an attacker can write a file that has any content anywhere on the system that makes a mistake ," eEye said.

To be able to exploit this security error, an attacker needs to access the network to the client system to send a message in a special format.

McAfee recommends that users should quickly install updates released through its website.

Hoang Dung