McAfee Agent bug lets hackers run code with Windows SYSTEM privileges

[darknessblade]

 

 

Summary

McAfee Enterprise (now rebranded as Trellix) has patched a security vulnerability discovered in the company's McAfee Agent software for Windows enabling attackers to escalate privileges and execute arbitrary code with SYSTEM privileges.

 

Quotes

Quote

"McAfee Agent, which comes with various McAfee products such as McAfee Endpoint Security, includes an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory that my be controllable by an unprivileged user on Windows," Dormann explained.

 

"McAfee Agent contains a privileged service that uses this OpenSSL component. A user who can place a specially-crafted openssl.cnf file at an appropriate path may be able to achieve arbitrary code execution with SYSTEM privileges."

 

My thoughts

This is just Hilarious, they tried rebranding themselves under a new name {potentially in hope of eliminating all bad PR}, and now their product itself has a major security leak, allowing hackers to run malicious code at SYSTEM level.

 

I really hope "Trellix" pulls the plug of anything Security related for systems.

Mcaffee must burn a cruel death, and should never should see the dawn of light EVER again, not should they force users to uninstall it trough tedious ways, because it got installed as bloatware on a OEM system.

 

 

Sources

https://kc.mcafee.com/corporate/index?page=content&id=SB10378

https://www.bleepingcomputer.com/news/security/mcafee-agent-bug-lets-hackers-run-code-with-windows-system-privileges/

[Lightwreather]

Oh boy, another one?

That's 3 in the past 24hrs alone......

[Doobeedoo]

Continuous patching

[darknessblade]

23 minutes ago, Doobeedoo said:

Continuous patching

Yet they never implement the No bloatware Patch.

 

Where the software is no longer added to OEM PC's

[Bratstech]

Why should we be worried? its the first thing to uninstall anyway?

[Lurick]

McAfee Enterprise is not the same as McAfee for home use, just FYI.

This does NOT apply to the home installer, only the enterprise agent, which is probably worse from a security perspective.

[ebprince the computer nerd]

And that’s why I got a custom PC. No McAfee, no problem. Oh sorry, I mean “Trellix.”

[Salv8 (sam)]

3 hours ago, ebprince the computer nerd said:

And that’s why I got a custom PC. No McAfee, no problem. Oh sorry, I mean “Trellix.”

dude just like with facebook, never call them that, always call them McAfee, it ensures that their rebrand will fail.

[Lurick]

30 minutes ago, Salv8 (sam) said:

dude just like with facebook, never call them that, always call them McAfee, it ensures that their rebrand will fail.

McAfee for home users didn't change names....

It's like calling HPE and HP the same company

[da na]

And I thought I'd run out of reasons to not use McAssfee already... 

[SansVarnic]

3rd party virus software has been outdated and unnecessary for some time now. Seems irrelevant to report on. (My opinion.)

[CTR640]

Cartels are probably behind the hacks.

[WhitetailAni]

 

[darknessblade]

13 hours ago, SansVarnic said:

3rd party virus software has been outdated and unnecessary for some time now. Seems irrelevant to report on. (My opinion.)

Even if windows defender is much better now, it is usually the  UI and features people are used to, for why they opt for a 3rd party antivirus.

 

I use AVAST pro [internet security] for years now. and like the interface, and features it has.

 

from the easy to use firewall, allowing you to easily set and change firewall rules, without having to look deep in windows settings just to block 1 app/game from accessing the internet,

to being able to block entire Domain's/sub domains, with a few clicks. [which is not possible in windows, unless you alter the Host file]

 

[tim0901]

20 hours ago, SansVarnic said:

3rd party virus software has been outdated and unnecessary for some time now. Seems irrelevant to report on. (My opinion.)

In the consumer desktop space yes. In enterprise applications, not so much. Products like Defender ATP or Intercept X most definitely still have their place and it's this market that McAfee Endpoint Security exists in.

[Mark Kaine]

whats with all the "rebranding"? should be made illegal at this point, i mean rebrand away, but there should  always be mention of previous names included in logos etc… intentional misleading of already burned consumers should  simply not be allowed .

[williamcll]

On 1/23/2022 at 8:35 PM, darknessblade said:

Mcaffee must burn a cruel death, and should never should see the dawn of light EVER again, not should they force users to uninstall it trough tedious ways, because it got installed as bloatware on a OEM system.

Mcafee "committed suicide". whoever is doing the software clearly do not have the same insights as him.

 

If anything, it could even be related to his death.