We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
78,713 News Articles

F-Secure patches web console bug

No exploits known of – yet

F-Secure has patched a vulnerability that could possibly be used to run unauthorised code on its email and internet gateway server software.

Two of the company's products are affected by the flaw, which was patched yesterday: Secure's Anti-Virus for Microsoft Exchange 6.40 and Internet Gatekeeper 6.40, 6.41, 6.42 and 6.50.

The bug affects the web-based management console software used by these servers, said Mikko Hyppönen, manager of antivirus research at F-Secure. By sending specially crafted messages to the web console, a hacker could crash it.

This software is typically set to accept connections only from trusted computers, such as the workstation of the network administrator responsible for the server, but it can be configured to accept connections from any computer. F-Secure rates this bug as critical in this latter configuration.

The flaw was discovered by a legitimate security researcher, Mikko Korppi, who notified F-Secure of the problem. The company does not know of any attackers who have exploited the problem.

Nonetheless, because the flaw is due to a "buffer overflow" condition, where the software ends up storing information in unexpected parts of the computer's memory, it could theoretically be used by attackers to run unauthorised software on unpatched servers, Hyppönen said.

F-Secure isn't the only security vendor to patch its software of late. On Saturday, Symantec published a fix for a widely reported flaw in its corporate antivirus client software.


IDG UK Sites

LG G Watch review: Android Wear smartwatch is the best around, so far

IDG UK Sites

How to join Apple's OS X Beta Seed Program: Get OS X Yosemite on your Mac before public release

IDG UK Sites

Why the BBC iPlayer outage was caused by a DDoS attack: Topsy and Tim isn't *that* popular

IDG UK Sites

See Glasgow 2014 in UHD as history is made