An update released recently by McAfee for one of its products is preventing Windows users from logging on to their systems, and some major organizations appear to have been affected.
McAfee informed users on Wednesday that they might be prevented from logging in to their Windows devices after they installed version 9418 of Exploit Prevention on Endpoint Security 10.2 and earlier.
Endpoint Security 10.2 reached end of life in December 2018, but some organizations still appear to be using it and it has caused problems for their employees after they installed the Exploit Prevention update.
British electricity distribution network operator UK Power Networks appears to have been impacted by the issue, according to a post on Reddit. Based on the initial post, which did not contain any technical information, some believed the company might have been hit by ransomware, but it later turned out that the problems were caused by the McAfee update.
US consumer credit reporting agency Experian also appears to have been affected. The company said it was experiencing problems due to a “global Microsoft Windows update issue,” but researcher Kevin Beaumont learned that it was in fact the latest Exploit Prevention update that caused the disruptions.
Many other organizations may have been impacted.
“I work in Infrastructure for an MSP [managed service provider]. Our biggest customer had this issue as a priority 1 ticket today. Shit tons of users all over the world couldn’t log in,” one user wrote on Reddit.
McAfee released Exploit Prevention content version 9419 on July 10 to address the issue. The company has advised customers to recover their systems by accessing the operating system in Safe Mode and setting the Enable value to “0” for the following key in the Windows Registry:
Once this is done, users should be able to log on to Windows after they reboot the system and install the Exploit Prevention update.