Flaw in McAfee Products Make Your Systems Vulnerable
By: Jim Stickley and Tina Davis
November 18, 2019
It’s a concerning day when we are informed of a security flaw in our security software. Researchers at SafeBreach Labs found a vulnerability in code that impacts all version so McAfee software. An attacker could gain administrator permissions on a device leading to all kinds of issues no one wants to deal with. The affected products failed to check for correct digital signatures from third-parties, such as the Windows operating system, which were in place to avoid duplication of functionality.
The vulnerability may be exploited in three ways, according to the researchers:
- The loading and executing of malicious payloads.
- Malicious software could bypass security scans.
- Malicious code could be set to reload whenever a service is launched to maintain persistence on a system.
Impacted McAfee products include McAfee Total Protection (MTP), Anti-Virus Plus (AVP), and Internet Security (MIS) up to and including version 16.0.R22.
Some good news, version 16.0.R22 Refresh 1 is being released soon to address this. Most products will automatically update, but if yours doesn’t, make sure you apply it immediately. If you want more information, check out CVE-2019-3648.
To get infected, it requires no user interaction, so be sure to keep a keen out for phishing email messages. Remember not to click on attachments or links that come from unknown sources, are not expected, or seem not quite on the up and up. If your sixth sense is tingling, be sure to listen to it.