
McAfee bug: Hackers Can penetrate Using Windows system privileges



A critical vulnerability in McAfee Agent allows hackers to penetrate networks and gain full Windows system privileges. An update that fixes the serious vulnerability is already available. The report comes from Bleeping Computer. According to it, the vulnerability affects software from McAfee Enterprise (since renamed Trellix) and could be exploited by hackers on a large scale.

The vulnerability was discovered in the McAfee Agent software for Windows. McAfee Agent is the client component of McAfee ePolicy Orchestrator (McAfee ePO): it downloads and enforces endpoint policies and delivers antivirus signatures, upgrades, patches, and new products to enterprise endpoints. Organisations effectively place all of their important endpoint security functions in the hands of this software, yet the security loophole that has now been discovered undermines exactly those defenses.

Local privilege escalation can be exploited

With the release of McAfee Agent 5.7.5, the company has fixed a serious local privilege escalation (LPE) vulnerability tracked as CVE-2022-0166. All McAfee Agent versions prior to 5.7.5 are said to be vulnerable, allowing attackers to execute code with the privileges of the NT AUTHORITY\SYSTEM account, the highest level of privilege on a Windows system, used by the operating system itself and by operating system services.

“McAfee Agent, which ships with several McAfee products such as McAfee Endpoint Security, includes an OpenSSL component that specifies an OPENSSLDIR variable as a subfolder that can be controlled by an unauthorized user on Windows,” explains security researcher Will Dormann, who discovered the vulnerability and reported it to the company. “McAfee Agent includes a privileged service that uses this OpenSSL component. A user who can place a specially crafted openssl.cnf file in an appropriate path may be able to run arbitrary code with SYSTEM privileges.”
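The weakness Dormann describes is an OpenSSL configuration directory that a privileged service trusts but that low-privilege users can write to. As an added example (not code from the article, from McAfee or from Trellix), the following PowerShell script audits such a directory from an administrator's point of view: it finds the directory whose ACL actually governs the path (the nearest existing ancestor, if the configured subfolder does not yet exist), reports any allow entry that gives Everyone, Users, Authenticated Users or INTERACTIVE the right to create or modify files there, and flags an existing openssl.cnf not owned by an administrative account. The default path is a placeholder, since the article does not name the directory, and the principal and owner lists are assumptions about a typical Windows install.

```powershell
# Added example, not from the article, McAfee or Trellix: audit the directory a privileged
# service treats as its OpenSSL configuration directory (OPENSSLDIR) and report whether
# low-privilege principals could plant or replace openssl.cnf there.
param(
    # Assumption: placeholder path; pass the directory your deployment actually uses.
    [string]$OpenSslDir = 'C:\PLACEHOLDER\openssl-dir'
)

# Principals that every interactive or authenticated user belongs to (assumed list).
# Write access for any of them makes the directory controllable by an ordinary user.
$LowPrivPrincipals = @(
    'Everyone',
    'BUILTIN\Users',
    'NT AUTHORITY\Authenticated Users',
    'NT AUTHORITY\INTERACTIVE'
)

# Rights that allow creating or overwriting files and subfolders in a directory.
$WriteMask = [int][System.Security.AccessControl.FileSystemRights]'CreateFiles, CreateDirectories, Write, Modify, FullControl'

# If the configured subfolder does not exist, whoever can create it controls it, so the
# ACL of the nearest existing ancestor is the one that matters.
$Target = $OpenSslDir
while (-not (Test-Path -LiteralPath $Target -PathType Container)) {
    $Parent = Split-Path -Path $Target -Parent
    if ([string]::IsNullOrEmpty($Parent) -or $Parent -eq $Target) {
        throw "No existing ancestor found for $OpenSslDir"
    }
    $Target = $Parent
}

$Findings = @()
foreach ($Rule in (Get-Acl -LiteralPath $Target).Access) {
    if ($Rule.AccessControlType -ne 'Allow') { continue }
    if ($LowPrivPrincipals -notcontains $Rule.IdentityReference.Value) { continue }
    # Compare as integers so inherited generic-rights entries are covered too.
    if (([int]$Rule.FileSystemRights -band $WriteMask) -ne 0) {
        $Findings += [pscustomobject]@{
            Directory = $Target
            Principal = $Rule.IdentityReference.Value
            Rights    = $Rule.FileSystemRights
            Inherited = $Rule.IsInherited
        }
    }
}

if ($Findings.Count -eq 0) {
    Write-Output "OK: no low-privilege write access on $Target"
} else {
    Write-Warning "$Target is writable by low-privilege principals; a privileged OpenSSL consumer of $OpenSslDir is at risk"
    $Findings | Format-Table -AutoSize
}

# An openssl.cnf that already exists should be owned by an administrative account (assumed list).
$Cnf = Join-Path -Path $OpenSslDir -ChildPath 'openssl.cnf'
if (Test-Path -LiteralPath $Cnf -PathType Leaf) {
    $Owner = (Get-Acl -LiteralPath $Cnf).Owner
    if ($Owner -notin @('BUILTIN\Administrators', 'NT AUTHORITY\SYSTEM', 'NT SERVICE\TrustedInstaller')) {
        Write-Warning "$Cnf is owned by $Owner, not by an administrative account"
    }
}
```

Run it from an elevated PowerShell session with `-OpenSslDir` set to the directory in question. The ancestor walk is the important part: a directory that does not exist yet is only as safe as the first existing folder above it, which is exactly how a user-controllable subfolder arises. The script reports; the fix for the case in the article remains updating McAfee Agent to 5.7.5.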

Hackers can gain full access

Once hackers have done that, they have virtually unrestricted access to all components and can install malware and steal data without being detected. However, the vulnerability can only be exploited locally, which makes initial exploitation somewhat more difficult. It is unknown to what extent the vulnerability is being actively exploited.