McAfee error wreaks havoc on corporate systems

PCs in organizations around the world were crippled by a flawed McAfee update that caused computers to become stuck in an endless cycle of reboots.

The issue began on Wednesday around 9:00 a.m. ET when the security giant pushed out a new virus definition file to PCs running McAfee VirusScan Enterprise. In the release, a legitimate Windows operating system file called "svchost.exe" had somehow been falsely classified as a virus called "W32/Wecorl.a." The faulty update caused computers running Windows XP Service Pack 3 to display a false positive error message or a blue screen and to repeatedly reboot.

Every affected computer will need to be manually fixed, Amrit Williams, chief technology officer at security management solutions vendor BigFix, told SCMagazineUS.com on Thursday. The worst-case scenario is that affected organizations will have to re-image each affected PC or reinstall the Windows operating system, which could take up to a full day to get the machine back up and running normally.

In the best-case scenario, organizations can boot affected machines into Windows safe mode and try to replace the corrupted file, Williams said. This option, which requires some technical skill and may not necessarily be effective, would take approximately an hour per machine, on average.

Anti-virus companies have tight controls to ensure that new signature packs do not cause false positives – but in this case something went wrong, Peter Schlampp, VP of marketing and product management at network monitoring firm Solera Networks, told SCMagazineUS.com on Monday.

Williams, who worked as an engineer within the security division at McAfee, said it would have been “extremely easy” to catch the false positive error with even the most basic testing.

“There was either a malicious act to make this happen or some negligence that occurred,” he said. “Either way, this is a complete failure of McAfee's quality control process.”

For organizations that were impacted, this is a very expensive and time-intensive problem, Schlampp said.

In a blog post Wednesday, Barry McPherson, McAfee's executive vice president of worldwide support and customer service, said the incident “impacted less than one half of one percent of our enterprise accounts globally and a fraction of that within the consumer base–home users of products.” Published reports place the actual number of impacted PCs in the hundreds of thousands, or possibly millions. 

McPherson acknowledged that the impact to those affected is “significant” and said McAfee employees are now working to help affected customers and ensure a similar incident does not happen in the future.  

“We sincerely apologize for the inconvenience this has caused our customers,” he said.

Many of those affected were not sympathetic. One individual using the name of "Toby DeDog" commented on McPherson's blog post that, “Your ‘protection’ is far worse than any virus you're supposed to protect us against.”
