Categories: Technology

McAfee bug: Hackers Can penetrate Using Windows system privileges

A critical vulnerability in McAfee Agent allows hackers to penetrate networks and gain full Windows system privileges. There is already an update that fixes the serious vulnerability. That report comes from the Bleeping Computer. Accordingly, there is a vulnerability in McAfee Enterprise (renamed Trellix) that can be exploited on a large scale by hackers.

The vulnerability was discovered in the McAfee Agent software for Windows. McAfee Agent is a client component of McAfee ePolicy Orchestrator (McAfee ePO) that downloads and enforces endpoint policies, and delivers antivirus signatures, upgrades, patches, and new products to enterprise endpoints. You can basically put all the important security features in the hands of the software, but the security loopholes that have been discovered have disabled the defenses.

Local privilege can be used

With the release of McAfee Agent 5.7.5, the company has fixed a serious Local Privilege Elevation (LPE) vulnerability known as CVE-2022-0166. All McAfee Agent versions prior to 5.7.5 are said to be vulnerable, allowing attackers to execute code with NT AUTHORITYSYSTEM account privileges, the highest level of privileges on a Windows system used by the operating system itself and operating system services.

“McAfee Agent, which ships with several McAfee products such as McAfee Endpoint Security, includes an OpenSSL component that specifies an OPENSSLDIR variable as a subfolder that can be controlled by an unauthorized user on Windows,” explains security researcher Will Dormann, who discovered the vulnerability. and reported this to the company. “McAfee Agent includes a privileged service that uses this OpenSSL component. A user who can place a specially crafted openssl.cnf file in an appropriate path may be able to run arbitrary code with SYSTEM privileges.”

Hackers can gain full access

Once hackers have done that, they can access all components for almost free and can install malware and steal data without being detected. However, the vulnerability can only be exploited at a local level, which makes exploitation a bit more difficult in the beginning. It is unknown to what extent the vulnerability is actively exploited.

Recent Posts

Google Health: A bug is currently really annoying Pixel Watch users

An annoying software error is currently plaguing many owners of the Google Pixel Watch. The…

6 hours ago

Pixel Watch 5: Leak shows the design of the new Google smartwatch in advance

After the new Google smartphones in the Pixel 11 series, official marketing images of the…

6 hours ago

Epson is in court: first lawsuit over planned obsolescence

A French consumer protection association is taking Epson to court. The accusation is of planned…

6 hours ago

EU brings Meta to its knees: ChatGPT is running again in WhatsApp chat

After a months-long exclusion by the Facebook group Meta, the well-known AI chatbot ChatGPT has…

6 hours ago

Good news for Windows 11: Microsoft is banning advertising from search

Microsoft is fundamentally redesigning the search in Windows 11. The operating system loses advertising, forced…

6 hours ago

iOS 27 public beta is here: Apple starts the test phase for all iPhone users

Interested users can now install the first public beta version of iOS 27 on their…

6 hours ago