McAfee apologizes for not publicizing fix
2006-07-17 08:21:00
A leading computer security company, McAfee Inc., fixed a dangerous design flaw months ago in its flagship technology for managing protective software in large organizations but did not warn businesses and U.S. government agencies until Friday.
McAfee issued a rare apology and urged customers to install updated versions of its software immediately. McAfee's antivirus software is used by more than one-third of corporations in the United States and Europe. A spokeswoman, Siobhan MacDermott, said there were no reports of victims.
The design flaw affects a component in McAfee's "ePolicy Orchestrator," used for managing security software on tens of thousands of computers across large organizations. The Defense Department announced last month it has selected the technology from Santa Clara, Calif.-based McAfee to run its computer-intrusion-prevention systems worldwide.
McAfee six months ago inadvertently repaired the flaw after an engineer made other changes to its software, said its chief security architect, John Viega. The flaw in McAfee's "common management agent" lets attackers in some cases seize control of computers to steal sensitive data, delete files or implant malicious programs.
"We didn't really realize we fixed the problem," Viega said. "We fixed one, but it was by accident."
McAfee produced a software update in January based on the changes but described it only as offering new feature enhancements.
Many corporations and government agencies are reluctant to update software unless necessary because of fears that doing so might introduce new problems.
McAfee acknowledged the design problem Friday and urged all customers to take immediate steps to protect themselves. Days earlier, researchers from eEye Digital Security Inc. of Aliso Viejo, Calif., discovered the flaw and notified McAfee. eEye's own security software, Blink, competes against some of McAfee's products.
eEye demonstrated the attack for The Associated Press by remotely creating a file on a reporter's computer.
"McAfee apologizes for any unintended impact to customers as a result of this published vulnerability," McAfee said in e-mails to clients. "We know that our ability to protect customers quickly in the event of an outbreak depends largely on your confidence in our work."
Consumer versions of McAfee's security software, sold at retail outlets around the country, were not affected because — unlike corporate versions — they do not depend on McAfee's centralized management tool for updates to protect against the newest viruses and other threats.
"This is probably one of the most widely used corporate antivirus components," said Andrew Jaquith, the security research program manager at the Boston-based Yankee Group, an analyst firm. "It is a little ironic that products designed to protect you are actually making you vulnerable."
McAfee's chief executive, George Samenuk, complained earlier this week about vulnerabilities in software from Microsoft Corp., which competes increasingly against companies like McAfee and Symantec Corp.
"I'm not sure corporations and governments are going to trust Microsoft with their security when they have these new vulnerabilities announced every month," Samenuk told the IDG News Service, which publishes trade magazines.
Jaquith said security companies increasingly study competitors' products for design flaws. He predicted McAfee will not lose customers over the flaw. "You're not going to see a stampede for the door," Jaquith said.
eEye discovered an unrelated but equally serious flaw in May in versions of leading antivirus software from Symantec, which fixed the problem just days later.