We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

F-Secure patches web console bug

No exploits known of – yet

F-Secure has patched a vulnerability that could possibly be used to run unauthorised code on its email and internet gateway server software.

Two of the company's products are affected by the flaw, which was patched yesterday: Secure's Anti-Virus for Microsoft Exchange 6.40 and Internet Gatekeeper 6.40, 6.41, 6.42 and 6.50.

The bug affects the web-based management console software used by these servers, said Mikko Hyppönen, manager of antivirus research at F-Secure. By sending specially crafted messages to the web console, a hacker could crash it.

This software is typically set to accept connections only from trusted computers, such as the workstation of the network administrator responsible for the server, but it can be configured to accept connections from any computer. F-Secure rates this bug as critical in this latter configuration.

The flaw was discovered by a legitimate security researcher, Mikko Korppi, who notified F-Secure of the problem. The company does not know of any attackers who have exploited the problem.

Nonetheless, because the flaw is due to a "buffer overflow" condition, where the software ends up storing information in unexpected parts of the computer's memory, it could theoretically be used by attackers to run unauthorised software on unpatched servers, Hyppönen said.

F-Secure isn't the only security vendor to patch its software of late. On Saturday, Symantec published a fix for a widely reported flaw in its corporate antivirus client software.


IDG UK Sites

Best Christmas 2014 UK tech deals, Boxing Day 2014 UK tech deals & January sales 2015 UK tech...

IDG UK Sites

LED vs Halogen: Why now could be the right time to invest in LED bulbs

IDG UK Sites

Christmas' best ads: See great festive spots studios have created to promote themselves and clients

IDG UK Sites

Why Apple shouldn't be blamed for exploitation in China and Indonesia