McAfee Agent bug lets hackers run code with Windows SYSTEM privileges

darknessblade
Summary

McAfee Enterprise (now rebranded as Trellix) has patched a security vulnerability discovered in the company's McAfee Agent software for Windows enabling attackers to escalate privileges and execute arbitrary code with SYSTEM privileges.

 

Quotes

Quote

"McAfee Agent, which comes with various McAfee products such as McAfee Endpoint Security, includes an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory that may be controllable by an unprivileged user on Windows," Dormann explained.

 

"McAfee Agent contains a privileged service that uses this OpenSSL component. A user who can place a specially-crafted openssl.cnf file at an appropriate path may be able to achieve arbitrary code execution with SYSTEM privileges."

 

My thoughts

This is just hilarious: they tried rebranding themselves under a new name {potentially in the hope of eliminating all bad PR}, and now their product itself has a major security leak, allowing hackers to run malicious code at SYSTEM level.

I really hope "Trellix" pulls the plug on anything security-related for systems.

McAfee must burn a cruel death, and should never see the dawn of light EVER again, nor should they force users to uninstall it through tedious ways, because it got installed as bloatware on an OEM system.

 

 

Sources

https://kc.mcafee.com/corporate/index?page=content&id=SB10378

https://www.bleepingcomputer.com/news/security/mcafee-agent-bug-lets-hackers-run-code-with-windows-system-privileges/

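Added example, not part of the original post or of any McAfee/Trellix or advisory code: the condition Dormann describes comes down to whether a low-privileged account can write to, or create, the directory a privileged process reads `openssl.cnf` from. This Python sketch audits `icacls <dir>` output captured for each existing directory on that path; the path `C:\example\ssl`, the ACL lines, and the lists of low-privileged principals and write rights are constructed assumptions.

```python
import re
from pathlib import PureWindowsPath

# Assumption: principals treated as unprivileged; adjust for your environment.
LOW_PRIV = {"everyone", "builtin\\users", "nt authority\\interactive",
            "nt authority\\authenticated users"}
# icacls rights that let the holder create or change content in a directory.
WRITE_RIGHTS = {"F", "M", "W", "WD", "AD", "GA", "GW", "DC", "WDAC", "WO"}
ACE_RE = re.compile(r"^(?P<who>.+?):(?P<flags>(?:\([^()]+\))+)$")

def risky_aces(path, icacls_text):
    """Return (principal, rights) for allow ACEs that give a low-privileged
    principal write access to the directory itself."""
    found = []
    for line in icacls_text.splitlines():
        if line.startswith(path):
            line = line[len(path):]           # first line is "<path> <ACE>"
        m = ACE_RE.match(line.strip())
        if not m or m["who"].lower() not in LOW_PRIV:
            continue
        flags = re.findall(r"\(([^()]+)\)", m["flags"])
        if "DENY" in flags or "IO" in flags:  # deny ACE, or children-only ACE
            continue
        rights = {r for f in flags for r in f.split(",")} & WRITE_RIGHTS
        if rights:
            found.append((m["who"], sorted(rights)))
    return found

def audit_config_path(cnf_path, captures):
    """Find the deepest directory on the config path that has a capture
    (directories without one are treated as missing) and audit it: a writer
    there can drop the file, or create the missing directories below it."""
    for d in PureWindowsPath(cnf_path).parents:
        text = captures.get(str(d))
        if text is not None:
            return str(d), risky_aces(str(d), text)
    return None, []

# Constructed sample: hypothetical C:\example\ssl is missing; only C:\ exists.
SAMPLE = {"C:\\": "\n".join([
    "C:\\ BUILTIN\\Administrators:(OI)(CI)(F)",
    "    NT AUTHORITY\\SYSTEM:(OI)(CI)(F)",
    "    BUILTIN\\Users:(OI)(CI)(RX)",
    "    NT AUTHORITY\\Authenticated Users:(OI)(CI)(IO)(M)",
    "    NT AUTHORITY\\Authenticated Users:(AD)",
])}

if __name__ == "__main__":
    print(audit_config_path(r"C:\example\ssl\openssl.cnf", SAMPLE))
```

An empty finding list for the deepest existing directory means none of the listed principals can write there; any entry is a path to fix by tightening the ACL or moving the configuration directory.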

Oh boy, another one?

That's 3 in the past 24hrs alone......


Continuous patching


23 minutes ago, Doobeedoo said:

Continuous patching

Yet they never implement the No bloatware Patch.

 

Where the software is no longer added to OEM PCs


McAfee Enterprise is not the same as McAfee for home use, just FYI.

This does NOT apply to the home installer, only the enterprise agent, which is probably worse from a security perspective.


3 hours ago, ebprince the computer nerd said:

And that’s why I got a custom PC. No McAfee, no problem. Oh sorry, I mean “Trellix.”

dude just like with facebook, never call them that, always call them McAfee, it ensures that their rebrand will fail.


30 minutes ago, Salv8 (sam) said:

dude just like with facebook, never call them that, always call them McAfee, it ensures that their rebrand will fail.

McAfee for home users didn't change names....

It's like calling HPE and HP the same company


And I thought I'd run out of reasons to not use McAssfee already... 

 


3rd party virus software has been outdated and unnecessary for some time now. Seems irrelevant to report on. (My opinion.)


Cartels are probably behind the hacks.


13 hours ago, SansVarnic said:

3rd party virus software has been outdated and unnecessary for some time now. Seems irrelevant to report on. (My opinion.)

Even if Windows Defender is much better now, it is usually the UI and features people are used to that make them opt for a 3rd party antivirus.

I have used AVAST Pro [Internet Security] for years now, and like the interface and the features it has.

From the easy-to-use firewall, allowing you to easily set and change firewall rules without having to look deep in Windows settings just to block 1 app/game from accessing the internet,

to being able to block entire domains/subdomains with a few clicks. [which is not possible in Windows, unless you alter the Host file]

 


20 hours ago, SansVarnic said:

3rd party virus software has been outdated and unnecessary for some time now. Seems irrelevant to report on. (My opinion.)

In the consumer desktop space yes. In enterprise applications, not so much. Products like Defender ATP or Intercept X most definitely still have their place and it's this market that McAfee Endpoint Security exists in.


What's with all the "rebranding"? Should be made illegal at this point. I mean, rebrand away, but there should always be mention of previous names included in logos etc… Intentional misleading of already burned consumers should simply not be allowed.

 

 

 


On 1/23/2022 at 8:35 PM, darknessblade said:

McAfee must burn a cruel death, and should never see the dawn of light EVER again, nor should they force users to uninstall it through tedious ways, because it got installed as bloatware on an OEM system.

McAfee "committed suicide". Whoever is doing the software clearly does not have the same insights as him.

 

If anything, it could even be related to his death.
