McAfee update causes havoc across the U.S.
by Steve Ragan - Apr 21 2010, 22:30
Update: According to an internal document sent to us, a Quality Assurance failure led to the McAfee patch problems. More details are here.
Administrators scrambled as a McAfee update triggered false positives on Wednesday, prompting a never-ending cycle of reboots after a Blue Screen of Death, affecting police departments, hospitals, schools, and scores of other businesses.
At 12:47 PM CDT on Wednesday, McAfee issued an SNS Alert that reads, “McAfee is aware that a number of corporate customers have incurred a false positive error due to incorrect Malware alerts. Our initial investigation indicates that the error can result in moderate to significant performance issues on systems running Windows XP Service Pack 3.”
The broken update caused issues across the U.S. McAfee issued a statement that said in part, “We are not aware of significant impact on consumer customers and believe we have effectively limited such occurrence.”
The limited occurrence appears to have affected tens of thousands of systems, including unconfirmed reports that Intel and Dish Network call centers were impacted. At Rhode Island Hospital, patients without traumas who visited the ER were sent to other hospitals. Some elective procedures were postponed as well.
Upstate University Hospital had issues as well, when roughly 2,500 of its 6,000 systems went nuts and crashed on them shortly after receiving the patch. Backup systems and operational policy allowed them to continue to work without much of a delay or impact to patient care, a spokesperson told The Post-Standard in Syracuse.
In Kentucky, Lexington police spokeswoman Sherelle Roberts said that officers were taking calls the old-fashioned way, by "hand-writing reports, using phones and using radios" because of McAfee’s patch, which led to the computers used in patrol cars being turned off until administrators could apply the patch. Police departments in Louisville and Shepherdsville experienced similar problems, according to wire reports.
Utah Valley University reported that 700 of the 5,000 systems were impacted by the broken patch, and dozens of systems at the College of Business at Illinois State University in Normal were affected.
The update, 5985 DAT, has since been removed and replaced with an emergency fix that prevents svchost.exe from being flagged as w32/wecorl.a. For those who might need the fix, guidance and instructions are available here.
“If you are already affected by this issue, you must still either replace or restore svchost.exe. McAfee is continuing to work on an automated solution to fully resolve the issue for affected customers,” McAfee explained in a technical bulletin.