McAfee expects to patch by Thursday two problems with its SaaS Total
Protection antimalware service, one of which lets an attacker use a
computer as a spam relay.
SaaS Total Protection is a hosted security service from Intel-owned
McAfee. Clients sign up for the service, which provides features such as
a firewall, antivirus scans and antispam services that run in McAfee's
data centers.
One of the issues allows spammers to "bounce off" affected machines
and allow the relaying of spam, Dave Marcus, director of security
research for
The problem came to light when some users reported
their service providers had blocked their IP address after noticing an
uptick in unsolicited email streaming from their computers.
The vulnerability can be exploited by misusing McAfee's "Rumor," a
peer-to-peer file sharing technology the company developed to distribute
security updates within an internal network. The spam-related problem
does not, however, allow an attacker to gain access to data on the
computer, Marcus wrote.
The other issue involves abuse of an ActiveX control, which is a
small add-on program that works in a Web browser to facilitate the
downloading of programs or security updates.
Marcus did not elaborate further on the problem but wrote that it
"has much in common with a similar issue patched in August 2011. In
fact, the patch delivered then basically cuts off the exploitation path
for this issue, effectively reducing the risk to zero. Because of this,
customer data is not directly at risk."
Patches should be ready following testing by Thursday, Marcus wrote.
McAfee customers using SaaS Total Protection will automatically receive
the updates.