Skip Navigation

  • Home
  • Contact us
  • FAQ
  • Glossary
  • Public key
  • Sitemap
  • Cymraeg
  • What's new
CPNI - Centre for the Protection of National Infastructure

Advanced search

  • About CPNI
  • The threats
  • Security planning
  • Methods of attack
  • Protecting your assets
  • Products and services
    • CSIRTUK advisories
      • Advisories archive
    • General protective security publications
    • InfoSec briefings
    • InfoSec technical notes
    • InfoSec vulnerability disclosures
    • Good practice guidelines
    • Viewpoints
    • Information exchanges
    • Risk Management Delivery Group
  • Research
Home > Products and services > CSIRTUK advisories > 3940 - McAfee Signature Update Causing Widespread System Crashes - Update

CSIRTUK advisories

3940 - McAfee Signature Update Causing Widespread System Crashes - Update

ID: 3941
Date: 22/04/2010
Title: 3940 - McAfee Signature Update Causing Widespread System Crashes - Update
Platform level affected:Operating System
Hardware components affected:Intel PC
Specific operating systems components affected: 32-bit Windows
Net-enabled software: Enterprise Application
Security software:AV/Content Scanning
Remediation Summary:Update your copy of the software with the download available from the supplier.
Vendors affected:McAfee
Adversity source: Unknown
Attack Vector: Vulnerability exploitation
Virulence: Unknown
Warning Status: Active
Potential Damage: Host DoS
Possible Duration: Unknown
Availability of fix: Available
Type of fix: Patch
Source: McAfee
Reliability of source: Trusted
Source URL: https://kc.mcafee.com/corporate/index?page=content&id=KB68780
Abstract:

Description of a problem with McAfee signature .DAT file 5958 and VirusScan Enterprise


This is an update to CSIRTUK advisory 3939 and reflects the latest advice from McAfee regarding the system crashes caused by .DAT file 5958 (released on April 21, 2010 'False positive detection of w32/wecorl.a in 5958 DAT ').

Environment
Microsoft Windows XP with SP3
Summary
McAfee is aware of a w32/wecorl.a false positive with the 5958 DAT file that was released on April 21, 2010. 
Problem 
Blue screen or DCOM error, followed by shutdown messages after updating to the 5958 DAT on April 21, 2010.

McAfee have updated their advice since our earlier advisory was published.. This latest information can be still be obtained from the link: https://kc.mcafee.com/corporate/index?page=content&id=KB68780
 

 

 

 

 

This advisory contains information released by the original author. Some of the information may have changed since it was released. If the issue affects you, it may be prudent to retrieve the advisory from the site of the original source to ensure that you receive the most current information concerning that problem. Reference to any specific commercial product, process, or service by trade name, trademark manufacturer, or otherwise, does not constitute or imply its endorsement, recommendation, or favouring by CPNI.

The views and opinions of authors expressed within this notice shall not be used for advertising or product endorsement purposes. CPNI shall not accept responsibility for any errors or omissions contained within this advisory. In particular, they shall not be liable for any loss or damage whatsoever, arising from or in connection with the usage of information contained within this advisory.

CSIRTUK is a member of the Forum of Incident Response and Security Teams (FIRST) and has contacts with other international Incident Response Teams (IRTs) in order to foster cooperation and coordination in incident prevention, to prompt rapid reaction to incidents, and to promote information sharing amongst its members and the community at large.

Thu, 22 Apr 2010 00:00:00 GMT
Domain affected: Technical
  • Accessibility |
  • Terms and conditions |
  • Privacy statement |
  • Data protection act |
  • Freedom of information |