[THIN] Article: Antivirus flaw crashes Exchange servers
- From: "Greg Reese" <GReese@xxxxxxxxxxxxxxxx>
- To: <thin@xxxxxxxxxxxxx>, <windows2000@xxxxxxxxxxxxx>
- Date: Fri, 13 Jun 2003 10:31:31 -0400
some of you may have interest in this
Greg
Antivirus flaw crashes Exchange servers
By Robert Lemos <mailto:rob.lemos@xxxxxxxx>
CNET News.com
June 13, 2003, 5:12 AM PT
URL: http://zdnet.com.com/2100-1105-1016887.html < =
http://zdnet.com.com/2100-1105-1016887.html >
In the digital equivalent of an autoimmune disease, Microsoft Exchange =
servers at a handful of companies have crashed because of a flaw in the =
Network Associates antivirus software that's designed to protect them.=20
Network Associates confirmed Thursday that in the past two days, four =
customers have been affected by a problem in its McAfee GroupShield 5.2 =
antivirus software for Exchange 2000 servers. A fifth company discovered =
the issue, but didn't suffer a crash, the security software maker said.=20
A patch for the flaw was issued to clients in January, said Network =
Associates <http://www.networkassociates.com>, but apparently, several =
corporations have yet to apply the fix. The vulnerability causes the =
GroupShield software to crash--corrupting the Exchange message =
store--when an e-mail message with certain characteristics is received =
by Exchange servers.
"Customers that haven't applied the patch will want to schedule some =
immediate downtime to do the administration," said a technician familiar =
with the problem. Companies that don't apply the patch could be looking =
at an extensive e-mail outage. "We are talking hours of restore time, in =
a best-case scenario," he said.=20
Vincent Gullotto, vice president for Network Associates' antivirus =
emergency response team, said he wasn't sure why the months-old issue =
had suddenly turned critical.=20
"We are thinking that someone may have found the problem (and sent =
e-mails to take advantage of it)," Gullotto said. "Or someone decided =
this week to send out a spam that had" properties that triggered the =
flaw.=20
Network Associates sent out another advisory on Thursday to warn =
customers of the issue and urge that they apply Hotfix 2 for the =
GroupShield application. (CNET News.com has confirmed the details of the =
flaw, but does not publish information about pending security issues.)=20
Originally, the affected companies assumed that the Exchange server =
problem had been caused by Microsoft software. But Microsoft's support =
teams assessed that the problem originated with McAfee GroupShield. By =
Thursday, Network Associates had determined that software left unpatched =
by its clients had caused the issue.
It's not known how many customers the flaw affects. Frequently, =
companies will not immediately apply a patch, either because they need =
to test the update or because they can't afford to have a resource as =
critical as e-mail out of action while they apply the fix.=20
In addition, companies constantly worry that the latest update for =
critical software could break other applications that rely on it. Two =
years ago, Microsoft had to release a patch for Exchange three times =
</2100-11-268382.html?tag=3Dnl> before the software giant got it right. =
And last December, a bug in a just-released version of the Linux kernel =
could have caused data loss </2100-1104-976427.html?tag=3Dnl> in systems =
that had seen a core operating-system update during a certain two-week =
period.=20
********************************************************
This weeks sponsor - Emergent Online 99Point9.com
Designed to facilitate efficient resolution of your technical server-based
questions, issues and incidents, technical support is a few mouse-clicks away:
you submit your incident-specific support requests via our online support
helpdesk, our certified engineers resolve them while you monitor the progress,
and your systems get back to 99.9% up-time in no time.
http://www.99point9.com
**********************************************************
Useful Thin Client Computing Links are available at:
http://thethin.net/links.cfm
For Archives, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:
http://thethin.net/citrixlist.cfm
Other related posts:
