Security vendor McAfee issued a patch on Thursday to address a problem impacting its SaaS Total Protection service, including a bug that allows attackers to turn a computer into a relay point for spam.
The Intel-owned company’s SaaS Total Protection is an integrated suite of software-as-a-service (SaaS) offerings that includes Web filtering, antivirus and anti-spam capabilities. However, early this week users began complaining of a problem in the service’s ‘Rumor Technology,’ which uses file-sharing intelligence to distribute security updates within a network.
The idea behind Rumor is to enable McAfee McAfee SaaS Endpoint Protection installed agents to share anti-virus, anti-spyware and firewall product updates and upgrades with one another across a local area network, thereby saving bandwidth and management time.
However, users complained that service providers were blocking their IP address after noticing an increase in spam coming from their machines. Keith and Annabel Morrigan of British art company Kaamar warned in a blog post Monday that the issue turned affected computers into “open proxies” and that spammers were abusing port 6515.
“This means that your IP address can be used by anyone to bounce messages and spam on to other sites, as if coming from your address,” they wrote.
Though the vulnerability in the Rumor technology enables an attacker to use the machine as an “open relay,” it does not give the attacker access to data on the computer, Dave Marcus, director of security research for McAfee Labs, wrote in a blog post.
The other issue involved the abuse of an ActiveX control to execute code.
“(This) issue has much in common with a similar issue patched in August 2011,” Marcus explained. “In fact, the patch delivered then basically cuts off the exploitation path for this issue, effectively reducing the risk to zero. Because of this, customer data is not directly at risk.”
McAfee customers using SaaS Total Protection will automatically receive the updates.
(Updated 3:05PM EST to Reflect the being being rolled out)
More from Brian Prince
- U.S. Healthcare Companies Hardest Hit by ‘Stegoloader’ Malware
- CryptoWall Ransomware Cost Victims More Than $18 Million Since April 2014: FBI
- New Adobe Flash Player Flaw Shares Similarities With Previous Vulnerability: Trend Micro
- Visibility Challenges Industrial Control System Security: Survey
- Adobe Flash Player Zero-Day Exploited in Attack Campaign
- Researchers Demonstrate Stealing Encryption Keys Via Radio
- Researchers Uncover Critical RubyGems Vulnerabilities
- NSA, GCHQ Linked to Efforts to Compromise Antivirus Vendors: Report
Latest News
- KeePass Update Patches Vulnerability Exposing Master Password
- AntChain, Intel Create New Privacy-Preserving Computing Platform for AI Training
- Keep Aware Raises $2.4M to Eliminate Browser Blind Spots
- Google Workspace Gets Passkey Authentication
- Cybersecurity Startup Elba Raises €2.5 Million for Employee-Focused Product
- Zoom Expands Privacy Options for European Customers
- Several Major Organizations Confirm Being Impacted by MOVEit Attack
- Apple Unveils Upcoming Privacy and Security Features
