McAfee Update Breaks Windows XP Systems

PCs running Windows XP have been brought to a standstill worldwide after McAfee VirusScan Enterprise issued a false positive

Businesses, hospitals and schools around the world have been experiencing serious technical difficulties over the last 24 hours, after a security update by anti-virus vendor McAfee disabled thousands of computers running Windows XP SP3.

McAfee issued the update, known as DAT 5958, to its VirusScan Enterprise customers at around 2pm GMT yesterday. The update causes VirusScan to falsely identify a core Windows file – called svchost.exe – as a threat, and then quarantine the file and shut down the computer. When the user restarts the computer, Windows is unable to load and the PC either crashes or enters an endless reboot cycle.

“We believe that this incident has impacted less than one half of one percent of our enterprise accounts globally,” said Barry McPherson, McAfee’s executive vice president for customer service, in a blog post. “The faulty update was removed from all McAfee download servers within hours, preventing any further impact on customers.”

Thousands affected worldwide

However, despite McAfee’s efforts to play down the issue, major institutions including universities, police departments, prisons and hospitals have been adversely affected by the faulty update, as well as companies such as IBM and Intel. There has also been a surge of condemnation on micro-blogging site Twitter, with posts describing “huge disruption” to business.

Several members of staff in the eWEEK Europe UK office have been affected by the faulty update. When they contacted McAfee for a solution, the company claimed that the update affected different computers in different ways, so no single fix could be issued. Reports range from a blue screen of death to disconnection from servers to repeated rebooting. The company directed affected users to its Corporate Knowledge Base, advising them to work through the possible fixes.

“There was a legitimate threat and we wanted to protect our customers, as we have done successfully thousands and thousands of times before. But in trying to do so, we created negative and unintended consequences for some very important people. Many of you,” wrote McPherson in a follow-up blog.

“Mistakes happen. No excuses. The nearly 7,000 employees of McAfee are focused right now on two things, in this order. First, help our customers who have been affected by this issue get back to business as usual. And second, once that is done, make sure we put the processes in place so this never happens again,” he added.

In November, McAfee released a new version of its email and web security appliance for SMBs. The company claimed that its new user-friendly configuration wizards offered simplified creation and setup of content policies, enabling greater enforcement flexibility and reduced risk of false positives and configuration errors.
