Skip to main content

McAfee Issues Patch for SaaS Total Protection Flaw

Cyber security firm, McAfee provided a patch for a bug present in its SaaS Total Protection software. This flaw allows spammers to convert protected systems to spam relays.

SaaS Total Protection suite is a cloud based solution that is designed specifically for providing comprehensive email security, centralized security management as well as web filtering for businesses.

McAfee released the update to patch a flaw which might allow hackers to execute codes on the protected machines and another flaw which might help attackers to turn the machine into spam relays.

In the company blog, director of security research at McAfee Labs, David Marcus, stated that two issues in the service have been detected in the last few days and that, "In the first, an attacker might misuse an ActiveX control to execute code. The second involves a misuse of our ‘rumour' technology to allow an attacker to use an affected machine as an ‘open relay,' which could be used to send spam."

The company also confirmed that the ActiveX control issue is similar to a flaw cured by the company in 2011 August and those users who installed those updates have not been affected by the latest flaw.