Google researchers discover another security flaw in FireEye

Security company FireEye is no stranger to vulnerabilities found in its products. This time, FireEye has rushed to patch a remote code execution (RCE) vulnerability affecting its Malware Protection System (MPS), discovered by Google’s Project Zero researchers Tavis Ormandy and Natalie Silvanovich.

FireEye said that the RCE vulnerability affected the company’s Network Security (NX), Email Security (EX), Malware Analysis (AX), and File Content Security (FX) products.
Researchers have previously found vulnerabilities in FireEye’s products. In September, FireEye patched vulnerabilities reported by Kristian Erik Hermansen and Ron Perris. Hermansen claimed that he had disclosed the details of a flaw 18 months prior to its public disclosure and before FireEye could release a fix.
In September, five other vulnerabilities were reported by German security firm ERNW. The issues, including command injection, code execution, privilege escalation and memory corruption vulnerabilities, affected the NX, EX, AX, FX, HX (Endpoint Security) and CM (Central Management) products.

FireEye spokesman Kyrksen Storer said that due to the vulnerability’s severity, the company had released an automated remediation to customers just 6 hours after its notification.

“We are thankful for the opportunity to support the Google team in this process, will continue to support their efforts, and fully support the broader security research community’s efforts to test and improve our products,” Storer added.
