McAfee Agent runs code with SYSTEM privileges

The McAfee Agent for Windows contained a serious vulnerability that allowed code to run with SYSTEM privileges. The company fixed the vulnerability (CVE-2022-0166), which existed in products such as McAfee Endpoint Security through an OpenSSL component. The same goes for a second vulnerability, CVE-2021-31854.

The CERT Coordination Center at Carnegie Mellon University describes vulnerability CVE-2022-0166, discovered by Will Dormann on 20 January 2022.

McAfee Agent ships with various McAfee products, such as McAfee Endpoint Security, and includes an OpenSSL component. This component defines an OPENSSLDIR variable as a subdirectory that can be controlled by an unprivileged user on Windows.

McAfee Agent also has a privileged service that uses this OpenSSL component. So a user who can place a specially crafted openssl.cnf file in an appropriate path can run arbitrary code with SYSTEM privileges.
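An audit check for this class of misconfiguration, added here as an example (it is not McAfee's or CERT's code): it reads the OPENSSLDIR value compiled into a library image and reports whether the resulting openssl.cnf location falls outside directories that are admin-only by default. The sample images, file names and the list of protected roots are assumptions; a flagged path still needs its real ACL checked on the host.

```python
import re
from pathlib import PureWindowsPath

# OpenSSL builds commonly embed the compiled-in directory as: OPENSSLDIR: "<path>"
OPENSSLDIR_RE = re.compile(rb'OPENSSLDIR: "([^"\x00]{1,260})"')

# Assumption: roots that standard users cannot write to under default Windows ACLs.
PROTECTED_ROOTS = [PureWindowsPath(p) for p in (
    r"C:\Windows", r"C:\Program Files", r"C:\Program Files (x86)")]

def extract_openssldir(blob: bytes) -> list:
    """Return every OPENSSLDIR value found in a binary image."""
    return [m.group(1).decode("utf-8", "replace")
            for m in OPENSSLDIR_RE.finditer(blob)]

def resolve_on_windows(raw: str, drive: str = "C:") -> PureWindowsPath:
    """A rooted path without a drive (e.g. /usr/local/ssl) resolves under
    the root of the current drive, assumed here to be the system drive."""
    p = PureWindowsPath(raw)
    if p.root and not p.drive:
        p = PureWindowsPath(drive + "\\") / raw.lstrip("/\\")
    return p

def assess(raw: str) -> dict:
    """Flag config locations that are not under a protected root."""
    resolved = resolve_on_windows(raw)
    # Paths containing ".." are never trusted, since they can escape a root.
    protected = ".." not in resolved.parts and any(
        root == resolved or root in resolved.parents for root in PROTECTED_ROOTS)
    return {"openssldir": raw, "config": str(resolved / "openssl.cnf"),
            "needs_acl_review": not protected}

def scan(images: dict) -> list:
    """Assess every OPENSSLDIR value in a mapping of image name -> bytes."""
    return [{"image": name, **assess(raw)}
            for name, blob in images.items()
            for raw in extract_openssldir(blob)]

# Constructed sample images (not real binaries); names and paths are illustrative.
SAMPLES = {
    "libcrypto-a.dll": b'\x00\x00OPENSSLDIR: "/usr/local/ssl"\x00\x00',
    "libcrypto-b.dll": b'MZ\x90\x00OPENSSLDIR: "C:\\Program Files\\Common Files\\SSL"\x00',
}

if __name__ == "__main__":
    for finding in scan(SAMPLES):
        print(finding)
```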


This vulnerability has been fixed in version 5.7.5 of McAfee Agent. McAfee published a security advisory on the issue, which states that, in addition to CVE-2022-0166, it fixed a second vulnerability, CVE-2021-31854 (discovered by Russell Wells of Cyberlinx Security).

The second vulnerability allowed command injection in McAfee Agent (MA) before version 5.7.5, which let users inject malicious shell code into the cleanup.exe file.

Tip: Basically, McAfee Agent is of no use to you and you could remove it without any problem…
