Multiple McAfee endpoint products include a private mechanism to access settings and files protected by self-protection rules. This mechanism is not sufficiently secure and may be misused to access registry keys and files that should be protected from tampering.
When VirusScan Enterprise (VSE) is present on the device, processes that attempt to use this private mechanism are scanned upon access, but if not detected as malware could gain access to McAfee products protected resources.
This trusted access bypass vulnerability allows access to resources normally protected by the vulnerable products.
Though McAfee Agent 5.0.x, ship the vulnerable technology, it has already transitioned to a new self-protection mechanism that doesn’t rely on the vulnerable technology. However it requires an update to fully disable the vulnerable technology.
This release includes:
- Fixes as described in PD26386 - McAfee Agent 5.0.2 Hotfix 1110392 Release Notes
- Hotfix 1110392 is rated mandatory due to a security fix as described in the release notes.
To download McAfee Agent 5.0.2 Hotfix 1110392 (MA502HF1110392WIN.zip), go to the product downloads site Refer to Security Bulletin SB10151 for additional details
No comments:
Post a Comment