McAfee has announced a fix for CVE-2022-0166, a local privilege escalation vulnerability that affects the McAfee Agent software for Windows. After a discovery made by vulnerability analyst Will Dormann, it was determined that all versions of McAfee Agent prior to the release of version 5.7.5 are vulnerable. The McAfee Agent software has an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory, which could lead to control from an unauthorized party. Dormann explained how the vulnerability works in detail in a release note. A portion of the publication is as follows: “McAfee Agent contains a privileged service that uses this OpenSSL component. A user who can place a specially-crafted openssl.cnf file at an appropriate path may be able to achieve arbitrary code execution with SYSTEM privileges.” Threat actors can evade detection throughout the process of delivering malicious payloads, and although the vulnerability is only able to be executed locally, it can be carried out after the attack has already begun.
Written by: Nataliia Zdrok, Threat Intelligence Analyst at Binary Defense Russia’s invasion of Ukraine increased