[ news_security_news ]
McAfee SecurityCenter Update Fixes Flaw
Doug Caverly
Staff Writer
2006-08-01
 Insider Reports RSS Feed
McAfee has released SecurityCenter 7.0, which should fix a vulnerability found in some previous version of its SecurityCenter software. "This attack requires the end user to perform certain actions in order to be exploited," according to the security company.
McAfee learned about the flaw on July 19, and released the update on July 29 - not a bad turnaround. The corporation gave the issue a severity rating of "medium." eEye Digital Security, which discovered the problem (and informed McAfee of it), judged the risk to be "high."
"A flaw exists in multiple McAfee consumer products that could allow an attacker the ability to execute arbitrary commands on the vulnerable systems," eEye reported. "This can lead to complete system compromise at which point an attacker could install trojans, modify/delete files, or perform any other activity as a normal logged on user would."
"SecurityCenter is a consumer product, so the level of defense is less than a corporate network," said Mike Puterbaugh, a spokesman for eEye, according to Dawn Kawamoto of CNET. In her article, Kawamoto noted that "the SecurityCenter vulnerabilities mark the second time this month McAfee has been notified by eEye of flaws in its software. Earlier this month, eEye announced it had found a flaw in McAfee's ePolicy Orchestrator."
McAfee pointed out that exploiting the SecurityCenter flaw required the "assistance of an authenticated user." Also, "most users will automatically receive this update," but it can be downloaded after logging in here or by clicking "update" in SecurityCenter.
Tag: SecurityCenter
Add to  Del.icio.us |  Digg |  Yahoo! My Web |  Furl
Get all the updates in RSS: 
About the Author:
Doug is a staff writer for SecurityProNews, InternetFinancialNews, SearchNewz, and WebProNews.
More news_security_news Articles
Insider Reports RSS Feed
|
|
iEntry 10th Anniversary
RSS
Archive
