McAfee Preps Patch for Vulnerability

Jeremy Kirk, IDG News Service

McAfee will issue a patch tomorrow for a vulnerability affecting its SecurityCenter application, a security software management tool.

The vulnerability, rated "medium" by McAfee as far as its severity, could allow an unauthorized user to run code on a remote machine, the vendor said. It affects McAfee's SecurityCenter versions 4.3 through 6.0.22.

Security vendor eEye Digital Security notified McAfee of the vulnerability on July 19. eEye withheld details of the vulnerability to not put users at risk, rating the problem as "critical."

McAfee said it is testing the patch it will release Wednesday. Some customers will receive the patch through an automated update system, while those who have opted for manual updates will have to download the patch.

Customers should verify they have the latest software updates by visiting McAfee's Web site.

Attacks Possible

For a successful attack, a user would have to open a malicious Web page seeking to exploit the vulnerability, McAfee said. The attacker would then have the same user rights as the person running the machine.

The attacker could also delete files or install other programs on the machine, eEye said in its advisory, which is posted on its Web site.

McAfee has an 18.8 percent revenue share of the antivirus market, coming in second behind Symantec at 53.6 percent, according to market analyst Gartner.