McAfee hat die Agenten Version 5.6.6 herausgebracht, welche drei mit Priorität Hoch und eine mit Priorität Mittel eingestuften Schwachstellen beseitigt. Darüber hinaus wurden noch etliche weitere Bugs gefixt, welche in den vorherigen Versionen aufgefallen waren.



MA for Windows:
1. CVE-2020-7311 (Severity Rating: High)
Privilege Escalation vulnerability in the installer in McAfee Agent (MA) for Windows prior to 5.6.6 allows local users to assume SYSTEM rights during the installation of MA via manipulation of log files.
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7311
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7311

2. CVE-2020-7312 (Severity Rating: High)
DLL Search Order Hijacking Vulnerability in the installer in McAfee Agent (MA) for Windows prior to 5.6.6 allows local users to execute arbitrary code and escalate privileges via execution from a compromised folder.
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7312
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7312

3. CVE-2020-7315 (Severity Rating: Medium)
DLL Injection Vulnerability in McAfee Agent (MA) for Windows prior to 5.6.6 allows local users to execute arbitrary code via careful placement of a malicious DLL.
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7315
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7315

4. MA for Mac:
On macOS platforms, the McAfee Data Exchange Layer Client installer writes out temporary files with incorrect permission that can allow a low privileged user to run commands as root user. The fix for this issue is included in the MA 5.6.6 Update release.

 

CVE-2020-7314 (Severity Rating: Medium)
Privilege Escalation Vulnerability in the installer in McAfee Data Exchange Layer (DXL) Client for Mac shipped with McAfee Agent (MA) for Mac prior to MA 5.6.6 allows local users to run commands as root via incorrectly applied permissions on temporary files.
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7314
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7314

(Quelle: https://kc.mcafee.com/corporate/index?page=content&id=SB10325)


Es wird empfohlen diese neue Version zu testen und nach erfolgreichen Tests einzusetzen, um eine größtmögliche Sicherheit der Infrastruktur aufrecht zu erhalten.