Threat Watch

Bug In McAfee Agent Fixed with Updated Version

McAfee has announced a fix for CVE-2022-0166, a local privilege escalation vulnerability that affects the McAfee Agent software for Windows. Following a discovery by vulnerability analyst Will Dormann, it was determined that all versions of McAfee Agent prior to version 5.7.5 are vulnerable. The McAfee Agent software includes an OpenSSL component that sets the OPENSSLDIR variable to a subdirectory that an unauthorized party may be able to control. Dormann explained how the vulnerability works in detail in a release note. A portion of the publication is as follows: “McAfee Agent contains a privileged service that uses this OpenSSL component. A user who can place a specially-crafted openssl.cnf file at an appropriate path may be able to achieve arbitrary code execution with SYSTEM privileges.” Threat actors can evade detection throughout the process of delivering malicious payloads, and although the vulnerability can only be exploited locally, it can be used after an attack has already begun.
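As an added example (not code from McAfee or from Dormann's publication), the PowerShell script below audits whether a directory used as OPENSSLDIR, or the nearest existing ancestor if the directory is missing, can be written to by anyone other than trusted principals. The OPENSSLDIR path is not given on this page, so it is passed in as a parameter; the list of trusted SIDs is an assumption to adapt locally.

```powershell
param(
    [Parameter(Mandatory)]
    [string] $OpenSslDir   # assumption: the OPENSSLDIR used by your agent build; not stated on this page
)

# Rights that allow creating or replacing files and directories, or rewriting the ACL.
$writeBits = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, ChangePermissions, TakeOwnership'

# Principals expected to hold write access (assumed): SYSTEM, Administrators, TrustedInstaller.
$trusted = @(
    'S-1-5-18',
    'S-1-5-32-544',
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'
)

# Walk up to the deepest path component that exists. Any missing component
# below it can be created by whoever is allowed to write there.
$existing = $OpenSslDir
while ($existing -and -not (Test-Path -LiteralPath $existing)) {
    $existing = [System.IO.Path]::GetDirectoryName($existing)
}
if (-not $existing) { throw "No existing ancestor found for $OpenSslDir" }

# Read the ACL with identities as SIDs so the comparison is locale-independent.
$sidType = [System.Security.Principal.SecurityIdentifier]
$risky = (Get-Acl -LiteralPath $existing).GetAccessRules($true, $true, $sidType) |
    Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        # Inherit-only entries do not apply to the checked directory itself.
        -not ($_.PropagationFlags -band [System.Security.AccessControl.PropagationFlags]::InheritOnly) -and
        ([int]$_.FileSystemRights -band $writeBits) -and
        ($trusted -notcontains $_.IdentityReference.Value)
    }

[pscustomobject]@{
    OpenSslDir      = $OpenSslDir
    Exists          = ($existing -eq $OpenSslDir)
    CheckedPath     = $existing
    WritableByOther = [bool]$risky
    Principals      = @($risky | ForEach-Object {
        try { $_.IdentityReference.Translate([System.Security.Principal.NTAccount]).Value }
        catch { $_.IdentityReference.Value }
    })
}
```

A result with `WritableByOther` set to `True` means a non-administrative account could place an openssl.cnf file along that path, which is the precondition the quoted publication describes.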

ANALYST NOTES

Organizations running any version of McAfee Agent prior to the newly released version 5.7.5 should upgrade as soon as possible. Remaining on a prior version leaves systems more likely to have the vulnerability exploited.

https://www.bleepingcomputer.com/news/security/mcafee-agent-bug-lets-hackers-run-code-with-windows-system-privileges/?&web_view=true