CNET también está disponible en español.

Ir a español

Don't show this again

Best Black Friday 2020 deals Macy's Thanksgiving Day Parade Pikachu Thanksgiving face masks Black Friday iPhone 12 deals A third COVID vaccine CDC's Thanksgiving guidelines Amazon's Black Friday deals

McAfee patches critical flaw in corporate products

Security hole in ePolicy Orchestrator and ProtectionPilot could let an outsider take complete control of a system.

McAfee has patched a "critical" flaw in its ePolicy Orchestrator and ProtectionPilot software that could enable an intruder to take over a vulnerable system. The problem affects ePolicy Orchestrator version 3.5.0 Patch 5 and earlier, and ProtectionPilot 1.1.1 Patch 2 and earlier, the security provider said in an advisory Monday.

The problem lies in the HTTP server component of the corporate security products, according to an advisory sent to subscribers to Symantec's Deepsight service. A remote attacker could send a malicious HTTP GET request containing code to overflow the buffer on a vulnerable machine and fully compromise it, Symantec said. It noted that an exploit for the hole is already in circulation.