PSA: McAfee Computer Security Patches Flaw: Are You Fixed?
Earlier this week, the McAfee group began sending out a fix to stopper up a flaw which turned their protection service into a hijacked spam festival. The flaw, they say, was allowing hackers to attach themselves to your computer specifically and shoot spam throughout your machine – hijacking that which was supposed to be protected using a flaw in the system that was supposed to be doing the protecting. The exploit was reported earlier this week by two customers who were taken aback by the flaw earlier this week, McAfee responding with a fix now here at the end of it.
It was Tuesday when the flaw was exposed by two rightfully mad customers, with McAfee responding with as quick a fix as they could muster soon after. What this fix does, they say, is to shut down one of the features involved in the exploit down completely and make additional fixes which make the security risk again reduce down "to zero." As McAfee said this week:
"We have mitigating factors already in place that reduce risk. The patch for the spam issue is now rolling out to customers, and everyone should have the update shortly." – McAfee
One vulnerability was found in the ActiveX control and allowed attackers to execute their own arbitrary code, the other found in McAfee's Rumor Technology, this being the one that allowed hackers to turn your computer into a Spam magnet. While these problems appear now to only be affecting SaaS products or business users with the Enterprise version, you should keep your eyes open, consumers, for similar breaks if you know how to look.
The way you'll be able to make a quick check on if you've been affected by this situation, you SaaS product users or business owners with the Enterprise version, is to simply contact your internet service provider and ask if you've had unusual traffic spikes lately. You'll have already noticed that your internet speed has been slow as of late as well – though that could be anything, technically. Stay safe, everyone!
[via SecurityWatch]