Menu
McAfee due to patch spam problem in cloud product

McAfee due to patch spam problem in cloud product

ActiveX control and file sharing problems dog antimalware SaaS

Security software provider McAfee expects to patch by today problems with its SaaS Total Protection antimalware service, one of which lets an attacker use a computer as a spam relay.

SaaS Total Protection is a hosted security service from Intel-owned McAfee. Clients sign up for the service, which provides features such as a firewall, antivirus scans and antispam services that run in McAfee's data centers.

One of the issues allows spammers to "bounce off" affected machines and allow the relaying of spam, Dave Marcus, director of security research for McAfee, wrote this week.

The problem came to light when some users reported their service providers had blocked their IP address after noticing an uptick in unsolicited email streaming from their computers.

The vulnerability can be exploited by misusing McAfee's "Rumor," a peer-to-peer file sharing technology the company developed to distribute security updates within an internal network. The spam-related problem does not, however, allow an attacker to gain access to data on the computer, Marcus wrote.

The other issue involves abuse of an ActiveX control, which is a small add-on program that works in a Web browser to facilitate the downloading of programs or security updates.

Marcus did not elaborate further on the problem but wrote that it "has much in common with a similar issue patched in August 2011. In fact, the patch delivered then basically cuts off the exploitation path for this issue, effectively reducing the risk to zero. Because of this, customer data is not directly at risk."

Patches should be ready following testing by Thursday, Marcus wrote. McAfee customers using SaaS Total Protection will automatically receive the updates.


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags intelactivexmcafeeTotal Protection

Featured

Slideshows

How MSPs can capitalise on integrating AI into existing services

How MSPs can capitalise on integrating AI into existing services

​Given the pace of change, scale of digitalisation and evolution of generative AI, partners must get ahead of the trends to capture the best use of innovative AI solutions to develop new service opportunities. For MSPs, integrating AI capabilities into existing service portfolios can unlock enhancements in key areas including managed hosting, cloud computing and data centre management. This exclusive Reseller News roundtable in association with rhipe, a Crayon company and VMware, focused on how partners can integrate generative AI solutions into existing service offerings and unlocking new revenue streams.

How MSPs can capitalise on integrating AI into existing services
Access4 holds inaugural A/NZ Annual Conference

Access4 holds inaugural A/NZ Annual Conference

​Access4 held its inaugural Annual Conference in Port Douglass, Queensland, for Australia and New Zealand from 9-11 October, hosting partners from across the region with presentations on Access4 product updates, its 2023 Partner of the Year awards and more.

Access4 holds inaugural A/NZ Annual Conference
Show Comments