August 01, 2006

McAfee to issue patch for vulnerability

Vulnerability in SecurityCenter app could allow unauthorized user to run code on a remote machine

McAfee will issue a patch on Wednesday for a vulnerability affecting its SecurityCenter application, a security software management tool.

The vulnerability, which McAfee rated "medium" in severity, could allow an unauthorized user to run code on a remote machine, the vendor said. It affects McAfee's SecurityCenter versions 4.3 through 6.0.22.

Security vendor eEye Digital Security notified McAfee of the vulnerability on July 19. eEye withheld details of the vulnerability so as not to put users at risk, and rated the problem "critical."

McAfee said Tuesday it's testing the patch it will release Wednesday. Some customers will receive the patch through an automated update system, while those who have opted for manual updates will have to download the patch.

Customers should verify they have the latest software updates by visiting http://www.mcafee.com/us/support/default.asp.

For a successful attack, a user would have to open a malicious Web page seeking to exploit the vulnerability, McAfee said. The attacker would then have the same user rights as the person running the machine.

The attacker could also delete files or install other programs on the machine, eEye said in its advisory, which is at http://www.eeye.com/html/research/upcoming/20060719.html.

McAfee has an 18.8 percent revenue share of the antivirus market, coming in second behind Symantec at 53.6 percent, according to market analyst Gartner Inc.

©1994-2009 Infoworld, Inc.