Security News > 2022 > January > McAfee Bug Can Be Exploited to Gain Windows SYSTEM Privileges

McAfee has patched two high-severity vulnerabilities in a component of its McAfee Enterprise product that attackers can use to escalate privileges, including up to SYSTEM. According to McAfee's bulletin, the bugs are in versions prior to 5.7.5 of McAfee Agent, which is used in McAfee Endpoint Security, among other McAfee products.

Cnf in a location used by McAfee Agent and thus potentially be able to execute arbitrary code with SYSTEM privileges on a Windows system that has the vulnerable McAfee Agent software installed.

The second bug in the Agent - tracked as CVE-2021-31854 and given a CVSS criticality rating of 7.7 - can be exploited by a local user to inject arbitrary shell code into a file, McAfee said in its advisory.

"The malicious clean.exe file is placed into the relevant folder and executed by running the McAfee Agent deployment feature located in the System Tree," according to McAfee.

Wells told Security Week that exploiting this bug requires access to the McAfee ePO host, as in, the underlying Windows host, not the application itself.

That earlier bug involved DLL injection in McAfee Agent that could have allowed a local administrator to kill or tamper with the antivirus, without knowing the McAfee password.

News URL

https://threatpost.com/mcafee-bug-windows-system-privileges/177857/