Security News > 2022 > January > McAfee Agent bug lets hackers run code with Windows SYSTEM privileges
McAfee has patched a security vulnerability discovered in the company's McAfee Agent software for Windows enabling attackers to escalate privileges and execute arbitrary code with SYSTEM privileges.
McAfee Agent is a client-side component of McAfee ePolicy Orchestrator that downloads and enforces endpoint policies and deploys antivirus signatures, upgrades, patches, and new products on enterprise endpoints.
All McAfee Agent versions before 5.7.5 are vulnerable and allow unprivileged attackers to run code using NT AUTHORITYSYSTEM account privileges, the highest level of privileges on a Windows system, used by the OS and OS services.
"McAfee Agent contains a privileged service that uses this OpenSSL component. A user who can place a specially-crafted openssl.cnf file at an appropriate path may be able to achieve arbitrary code execution with SYSTEM privileges."
In September 2021, the company patched another McAfee Agent privilege escalation bug discovered by Tenable security researcher Clément Notin that allowed local users to execute arbitrary code and kill the antivirus.
McAfee fixed a security vulnerability impacting all editions of its Antivirus software for Windows and allowing potential attackers to escalate privileges and execute code with SYSTEM account authority.
News URL
Related news
- Hackers abuse Windows SmartScreen flaw to drop DarkGate malware (source)
- Hackers exploit Windows SmartScreen flaw to drop DarkGate malware (source)
- Researchers Uncover Windows Flaws Granting Hackers Rootkit-Like Powers (source)
- Microsoft: APT28 hackers exploit Windows flaw reported by NSA (source)
- Microsoft: APT28 hackers exploit Windows flaw reported by NSA (source)
- Russian hackers’ custom tool exploits old Windows Print Spooler flaw (CVE-2022-38028) (source)