some of you may have interest in this Greg Antivirus flaw crashes Exchange servers By Robert Lemos <mailto:rob.lemos@xxxxxxxx> CNET News.com June 13, 2003, 5:12 AM PT URL: http://zdnet.com.com/2100-1105-1016887.html < = http://zdnet.com.com/2100-1105-1016887.html > In the digital equivalent of an autoimmune disease, Microsoft Exchange = servers at a handful of companies have crashed because of a flaw in the = Network Associates antivirus software that's designed to protect them.=20 Network Associates confirmed Thursday that in the past two days, four = customers have been affected by a problem in its McAfee GroupShield 5.2 = antivirus software for Exchange 2000 servers. A fifth company discovered = the issue, but didn't suffer a crash, the security software maker said.=20 A patch for the flaw was issued to clients in January, said Network = Associates <http://www.networkassociates.com>, but apparently, several = corporations have yet to apply the fix. The vulnerability causes the = GroupShield software to crash--corrupting the Exchange message = store--when an e-mail message with certain characteristics is received = by Exchange servers. "Customers that haven't applied the patch will want to schedule some = immediate downtime to do the administration," said a technician familiar = with the problem. Companies that don't apply the patch could be looking = at an extensive e-mail outage. "We are talking hours of restore time, in = a best-case scenario," he said.=20 Vincent Gullotto, vice president for Network Associates' antivirus = emergency response team, said he wasn't sure why the months-old issue = had suddenly turned critical.=20 "We are thinking that someone may have found the problem (and sent = e-mails to take advantage of it)," Gullotto said. "Or someone decided = this week to send out a spam that had" properties that triggered the = flaw.=20 Network Associates sent out another advisory on Thursday to warn = customers of the issue and urge that they apply Hotfix 2 for the = GroupShield application. (CNET News.com has confirmed the details of the = flaw, but does not publish information about pending security issues.)=20 Originally, the affected companies assumed that the Exchange server = problem had been caused by Microsoft software. But Microsoft's support = teams assessed that the problem originated with McAfee GroupShield. By = Thursday, Network Associates had determined that software left unpatched = by its clients had caused the issue. It's not known how many customers the flaw affects. Frequently, = companies will not immediately apply a patch, either because they need = to test the update or because they can't afford to have a resource as = critical as e-mail out of action while they apply the fix.=20 In addition, companies constantly worry that the latest update for = critical software could break other applications that rely on it. Two = years ago, Microsoft had to release a patch for Exchange three times = </2100-11-268382.html?tag=3Dnl> before the software giant got it right. = And last December, a bug in a just-released version of the Linux kernel = could have caused data loss </2100-1104-976427.html?tag=3Dnl> in systems = that had seen a core operating-system update during a certain two-week = period.=20 ******************************************************** This weeks sponsor - Emergent Online 99Point9.com Designed to facilitate efficient resolution of your technical server-based questions, issues and incidents, technical support is a few mouse-clicks away: you submit your incident-specific support requests via our online support helpdesk, our certified engineers resolve them while you monitor the progress, and your systems get back to 99.9% up-time in no time. http://www.99point9.com ********************************************************** Useful Thin Client Computing Links are available at: http://thethin.net/links.cfm For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link: http://thethin.net/citrixlist.cfm