Skip to main content
  1. Home
  2. Computing
  3. News

McAfee patches flaw that turned protected systems into spam relays

Geoff Duncan
By
McAfee SaaS Total Protection
Image used with permission by copyright holder

Security software is an everyday necessity for most people, especially Windows users, businesses, and enterprises. But one of the ironies of security software is that, once in a while, it turns out to be the source of security problems all by itself. The latest instance involves McAfee’s SaaS Total Protection suite, a cloud-based solution designed to provide comprehensive email and and Web filtering along with centralized security management for businesses and organizations. However, McAfee has just had to issue an update to the service to block a flaw that could let attackers execute code on protected machines, and to fix another problem that could potentially enable attackers to turn protected systems into spam relays.

“Two issues in SaaS for Total Protection have arisen in the past few days,” wrote McAfee’s David Marcus in the company’s blog. “In the first, an attacker might misuse an ActiveX control to execute code. The second involves a misuse of our ‘rumor’ technology to allow an attacker to use an affected machine as an ‘open relay,’ which could be used to send spam.”

Recommended Videos

McAfee says the ActiveX control issue, while new, is similar to a problem the company patched back in August 2011: As long as customers have applied that update, they aren’t vulnerable to the new problem. McAfee has begun rolling out an update for the spam relaying issue, and customers should receive the update soon if they haven’t already.

Related

The Saas Total Protection suite’s “rumor” technology enables protected computers to communicate updates with each other in a fashion like peer-to-peer networking. The idea is to distribute updates automatically in-house on local networks rather than forcing every protected system to grab new updates from McAfee, potentially straining an organization’s Internet connectivity. According to reports, the service installs itself even if users don’t specifically ask for it, and while it can be shut down using Windows’ built-in administrative tools it gets restarted whenever McAfee delivers a software update.

Although the spamming vulnerability never put data on protected machines at any risk, attackers were able to use the rumor service to essentially bounce email messages off the protected systems, making it appear to the rest of the Internet that the McAfee-protected computers were the origin of the spam, rather than the attackers themselves. As a result, some McAfee users were mysteriously finding their machines and networks blocked by spam filters — in one case, apparently by McAfee’s own antispam technology within the organization.

McAfee was acquired by Intel in 2010.

Editors' Recommendations

Geoff Duncan
Geoff Duncan
Former Digital Trends Contributor
Geoff Duncan writes, programs, edits, plays music, and delights in making software misbehave. He's probably the only member…
You’re going to hate the latest change to Windows 11
A laptop running Windows 11.

Just two weeks after rolling out a preview build to Windows Insiders, Microsoft is pushing out an update to Windows 11 that adds advertisements to the Start menu. Build KB5036980, which is now slowly rolling out to the wider Windows 11 user base, includes recommendations in the Start menu, and they sneakily sit beside your real apps.

These apps comes exclusively from the Microsoft store, and they sit in the Recommended section of the Start menu. This section includes recently used, frequent, and new apps, but one (or more) slots will now be dedicated to an ad. As the update reads: "The Recommended section of the Start menu will show some Microsoft Store apps. These apps come from a small set of curated developers. This will help you to discover some of the great apps that are available."

Read more
Save $150 on a lifetime license for Microsoft Office for PC
microsoft office professional 2021 deal stack social april 2024 bundle

For one of the cheapest Office deals today, check out Stack Social which currently has a lifetime license for Microsoft Office Professional 2021 for Windows for just $70. The product normally costs $220 so you’re saving $150 off the regular price, all while gaining a lifetime license for some very useful software. If you’ve been considering getting Office and don’t want to deal with the ongoing nature of Office 365, this is a good opportunity to do so for less. Here’s what you need to know before you click the buy button.

Why you should buy Microsoft Office Professional 2021
If you’ve been reading up on whether to use Microsoft Word or Google Docs and you’ve settled on Word, snapping up Microsoft Office Professional 2021 is a great way to do so for less. Described as everything a pro needs, Microsoft Office Professional 2021 is pretty great.

Read more
Best Squarespace deals: Save on domains, web builder, and more
A laptop with Squarespace displayed on the screen.

Nowadays, everybody has a website, whether it's for personal stuff, to show off their online portfolio, or even to sell something. Of course, building a website isn't always easy, especially for those who aren't tech-savvy, but you'll be surprised at how easy it is to build a website with Squarespace, even for beginners. Luckily, there is currently a great sale going on at Squarespace to give you an extra nudge to grab yourself a subscription, with annual plans giving you up to 36% off, as well as a short-term 20% off sitewide with the code W4D20.

Besides just website building, there are a ton of perks of subscription, from hosting to email campaigns and even Squarespace Courses, which is pretty unique for a website-building website. So, if that sounds like something you'd like to be a part of, we've listed all the ways you can save on Squarespace subscriptions below.
Today’s best Squarespace deals

Read more