June 12, 2003 3:20 PM PDT
Antivirus flaw downs mail servers
- Related Stories
Microsoft to buy antivirus software makerJune 10, 2003
Network Associates gobbles anti-spammerJanuary 6, 2003
Data-loss bug afflicts LinuxDecember 6, 2002
Microsoft 'incredibly sorry' about goofed fixJune 13, 2001
Short Take: Network Associates unveils McAfee GroupShieldNovember 22, 1999
Network Associates confirmed Thursday that in the past two days, four customers have been affected by a problem in its McAfee GroupShield 5.2 antivirus software for Exchange 2000 servers. A fifth company discovered the issue, but didn't suffer a crash, the security software maker said.
A patch for the flaw was issued to clients in January, said Network Associates, but apparently, several corporations have yet to apply the fix. The vulnerability causes the GroupShield software to crash--corrupting the Exchange message store--when an e-mail message with certain characteristics is received by Exchange servers.
"Customers that haven't applied the patch will want to schedule some immediate downtime to do the administration," said a technician familiar with the problem. Companies that don't apply the patch could be looking at an extensive e-mail outage. "We are talking hours of restore time, in a best-case scenario," he said.
Vincent Gullotto, vice president for Network Associates' antivirus emergency response team, said he wasn't sure why the months-old issue had suddenly turned critical.
"We are thinking that someone may have found the problem (and sent e-mails to take advantage of it)," Gullotto said. "Or someone decided this week to send out a spam that had" properties that triggered the flaw.
Network Associates sent out another advisory on Thursday to warn customers of the issue and urge that they apply Hotfix 2 for the GroupShield application. (CNET News.com has confirmed the details of the flaw, but does not publish information about pending security issues.)
Originally, the affected companies assumed that the Exchange server problem had been caused by Microsoft software. But Microsoft's support teams assessed that the problem originated with McAfee GroupShield. By Thursday, Network Associates had determined that software left unpatched by its clients had caused the issue.
It's not known how many customers the flaw affects. Frequently, companies will not immediately apply a patch, either because they need to test the update or because they can't afford to have a resource as critical as e-mail out of action while they apply the fix.
In addition, companies constantly worry that the latest update for critical software could break other applications that rely on it. Two years ago, Microsoft had to release a patch for Exchange three times before the software giant got it right. And last December, a bug in a just-released version of the Linux kernel could have caused data loss in systems that had seen a core operating-system update during a certain two-week period.
News.com's Michael Kanellos contributed to this report.