McAfee Fixes Exploit Flaw, Accidentally

Michael Santo of RealTechNews writes:

It’s a lot easier to add a bug by accident… in fact, it’s common… than it is to fix a bug by accident. But apparently that’s what McAfee managed to do.

The flaw affects McAfee’s ePolicy Orchestrator (ePO) Common Management Agent prior to the current 3.5.5 version, technology used to manage security software installed on about 40 million PCs in large organizations, McAfee said. A successful attack that exploits the flaw could result in the full compromise of a targeted computer, the company said.

We Say: eEye Digital Security informed McAfee of the flaw on 7/5… but by then the flaw had been fixed in the 3.5.5 version. However, that version was an optimization release, not a release designed to fix bugs. The optimizations included moving from storing certain data in files to storing data in memory, which removed the flaw. Can you say lucky? Especially since John Viega, vice president and chief security architect at McAfee, indicated “It is certainly one of the most serious issues that we have come across.”
