The McAfee Agent for Windows contained a serious vulnerability that allowed code to run with SYSTEM permissions. The company has fixed the vulnerability (CVE-2022-0166), which affected products such as McAfee Endpoint Security through an OpenSSL component. It also fixed a second vulnerability, CVE-2021-31854.
The CERT Coordination Center at Carnegie Mellon University describes vulnerability CVE-2022-0166, discovered by Will Dormann on 20 January 2022.
McAfee Agent ships with various McAfee products, such as McAfee Endpoint Security, and includes an OpenSSL component. This component defines its OPENSSLDIR variable as a subdirectory that an unprivileged user on Windows can write to and control.
McAfee Agent also has a privileged service that uses this OpenSSL component. So if a user can place a specially crafted openssl.cnf file in the appropriate path, they can run arbitrary code with SYSTEM permissions.
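A defensive check for the condition described above, as an added example (not McAfee's or CERT/CC's code): it reports whether well-known unprivileged groups can create files in an OpenSSL configuration directory, or in the nearest existing parent when that directory does not exist yet. The `$OpenSslDir` default is a constructed placeholder, because the article does not give the actual path, and the property names in the output are illustrative.

```powershell
# Added example: report whether unprivileged accounts can plant files in an
# OpenSSL configuration directory (the condition behind CVE-2022-0166).
param(
    # Constructed placeholder; pass the OPENSSLDIR of the build being audited.
    [string]$OpenSslDir = 'C:\placeholder\openssl-dir'
)

# Well-known SIDs of groups that include standard (non-admin) users.
$unprivSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
    'S-1-5-4'      = 'INTERACTIVE'
}

# Bits that allow creating files/folders or rewriting the ACL:
# WriteData/CreateFiles, AppendData/CreateDirectories, ChangePermissions,
# TakeOwnership, plus GENERIC_WRITE and GENERIC_ALL.
$writeMask = 0x2 -bor 0x4 -bor 0x40000 -bor 0x80000 -bor 0x40000000 -bor 0x10000000

# If the directory is missing, whoever can create folders in the nearest
# existing parent can create it, so audit that parent instead.
$probe = $OpenSslDir
while ($probe -and -not (Test-Path -LiteralPath $probe -PathType Container)) {
    $probe = Split-Path -Path $probe -Parent
}
if (-not $probe) { throw "No existing parent found for '$OpenSslDir'." }

$sidType = [System.Security.Principal.SecurityIdentifier]
$rules = (Get-Acl -LiteralPath $probe).GetAccessRules($true, $true, $sidType)

# Deny entries are not evaluated here (simplification of this example).
$findings = foreach ($ace in $rules) {
    $inheritOnly = $ace.PropagationFlags -band
        [System.Security.AccessControl.PropagationFlags]::InheritOnly
    if ($ace.AccessControlType -ne 'Allow' -or $inheritOnly) { continue }
    $sid = $ace.IdentityReference.Value
    if ($unprivSids.ContainsKey($sid) -and ([int]$ace.FileSystemRights -band $writeMask)) {
        [pscustomobject]@{
            Target       = $OpenSslDir
            TargetExists = ($probe -eq $OpenSslDir)
            AuditedPath  = $probe
            Principal    = $unprivSids[$sid]
            Rights       = $ace.FileSystemRights
        }
    }
}

if ($findings) { $findings | Format-Table -AutoSize }
else { "No unprivileged write access found on '$probe'." }
```

Any row in the output means a standard user could create or replace files under the audited path, which is the precondition the advisory describes.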
This vulnerability has been fixed in version 5.7.5 of McAfee Agent. McAfee has published a security advisory about it, which states that, in addition to CVE-2022-0166, the release fixes a second vulnerability, CVE-2021-31854 (discovered by Russell Wells of Cyberlinx Security).
The second vulnerability allowed command injection in McAfee Agent (MA) before version 5.7.5, which made it easier for users to inject malicious shell code into the cleanup.exe file.
Tip: Basically, McAfee Agent is of no use to you, and you could remove it without any problem…