Antivirus flaw downs mail servers

In the digital equivalent of an autoimmune disease, Microsoft Exchange servers at a handful of companies have crashed because of a flaw in the Network Associates antivirus software designed to protect them.

Network Associates confirmed Thursday that in the past two days, four customers have been affected by a problem in its McAfee GroupShield 5.2 antivirus software for Exchange 2000 servers. A fifth company discovered the issue, but didn't suffer a crash, the security software maker said.

A patch for the flaw was issued to clients in January, said Network Associates, but apparently several corporations have yet to apply the fix. The vulnerability causes the GroupShield software to crash--corrupting the Exchange message store--when an e-mail message with certain characteristics is received by Exchange servers.

"Customers that haven't applied the patch will want to schedule some immediate downtime to do the administration," said a technician familiar with the problem. Companies that don't apply the patch could be looking at an extensive e-mail outage. "We are talking hours of restore time, in a best-case scenario," he said.

Vincent Gullotto, vice president for Network Associates' antivirus emergency response team, said he wasn't sure why the months-old issue had suddenly turned critical.

"We are thinking that someone may have found the problem (and sent e-mails to take advantage of it)," Gullotto said. "Or someone decided this week to send out a spam that had properties that triggered the flaw."

Network Associates sent out another advisory on Thursday to warn customers of the issue and urge that they apply Hotfix 2 for the GroupShield application.

Originally, the affected companies assumed that the Exchange server problem had been caused by Microsoft software. But Microsoft's support teams determined that the problem originated with McAfee GroupShield. By Thursday, Network Associates had determined that software left unpatched by its clients had caused the issue.

It's not known how many customers the flaw affects. Frequently, companies will not immediately apply a patch, either because they need to test the update or because they can't afford to have a resource as critical as e-mail out of action while they apply the fix.

In addition, companies constantly worry that the latest update for critical software could break other applications that rely on it. Two years ago, Microsoft had to release a patch for Exchange three times before the software giant got it right. And last December, a bug in a just-released version of the Linux kernel could have caused data loss in systems that had seen a core operating-system update during a certain two-week period.

Michael Kanellos contributed to this report.


Talkback 1 comments

    Well well, Microsoft can't pro ...Anonymous -- 14/06/03

    Well well, Microsoft can't provide an Antivirus of its own; and CA's seems to not be up to par. Well Microsoft will buy RAV, the Linux Antivirus software, that Microsoft will stop production on when the sale is complete.
    Ok, this is a Microsoft move; buy what they cannot do... make and call it their own... Microsoft needs the Linux community to make an Antivirus that works!, that they can buy. This is called ( R&D ) Resell & Do-less. Server2003 function sucks, has nothing to offer but Microsoft's sorry tcg technology. Fact is most of what does work in Windows, Microsoft got from the opensource community or spent good money to buy.
    Microsoft's buy of "RAV" will buy them little, they will screw it up too, it will be a good future subject for the next big let-down Microsoft offers with the screwed "RAV" in it.
