McAfee Patches Critical ePolicy Orchestrator Flaw

The flaw targets the HTTP server portion of the applications and can be triggered when an attacker sends an abnormally large source header in an HTTP request.

McAfee on Monday patched a buffer overflow vulnerability in its ePolicy Orchestrator and ProtectionPilot products that could enable remote attackers to execute code and gain control over an affected PC.

The flaw targets the HTTP server portion of the applications and can be triggered when an attacker sends an abnormally large source header in an HTTP request, according to a Symantec Deepsight Threat Management system bulletin issued Monday.

If certain ports are open and a firewall is not in place, an unpatched server could allow attackers to execute arbitrary code, David Coffey, principal security architect at McAfee, told CRN.

ePolicy Orchestrator (ePO) is security management software that provides a central console for managing McAfee enterprise security products. ProtectionPilot is software that monitors the network and automatically deploys security updates for desktop PCs, servers and e-mail systems.

Security researcher Mati Aharoni of the BackTrack Development Team discovered the vulnerability and notified McAfee on July 14.

Coffey acknowledged that McAfee was made aware of the flaw on July 14 but said the complexity of the patch and the need to conduct quality assurance prevented the Santa Clara, Calif.-based company from releasing a fix until Monday.

Exploitation of an ePO server could result in the compromise of every client system managed by that particular server, and attackers could leverage the flaw to push a new "update" file that contains a back door, according to HD Moore, director of security research at BreakingPoint Systems and developer of the open-source Metasploit vulnerability testing tool.

A Metasploit exploit module and a Python proof-of-concept have been published for the flaw, which affects McAfee ePO versions 3.5.0 patch 5 and older and ProtectionPilot versions 1.1.1 patch 2 and older.

Security firm Secunia rated the McAfee vulnerability as "moderately critical," or 3 on a 5-point scale. Symantec's Deepsight Threat Management team saw it as far more serious, assigning the flaw its highest rating of 10 on a 10-point scale.

In July, McAfee apologized for inadvertently patching a vulnerability in the agent software of ePO in an earlier update without informing customers.
