fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

McAfee Agent Bug Lets Hackers Run Code with Windows SYSTEM Privileges

McAfee Agent Bug Lets Hackers Run Code with Windows SYSTEM Privileges

McAfee Enterprise (now rebranded as Trellix) has patched a security vulnerability discovered in the company’s McAfee Agent software for Windows enabling attackers to escalate privileges and execute arbitrary code with SYSTEM privileges.

McAfee Agent is a client-side component of McAfee ePolicy Orchestrator (McAfee ePO) that downloads and enforces endpoint policies and deploys antivirus signatures, upgrades, patches, and new products on enterprise endpoints.

Also Read: The Top 4W’s of Ethical Hacking

The company has fixed the high severity local privilege escalation (LPE) flaw tracked as CVE-2022-0166 and discovered by CERT/CC vulnerability analyst Will Dormann issued security updates with the release of McAfee Agent 5.7.5 on January 18.

All McAfee Agent versions before 5.7.5 are vulnerable and allow unprivileged attackers to run code using NT AUTHORITY\SYSTEM account privileges, the highest level of privileges on a Windows system, used by the OS and OS services.

“McAfee Agent, which comes with various McAfee products such as McAfee Endpoint Security, includes an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory that my be controllable by an unprivileged user on Windows,” Dormann explained.

“McAfee Agent contains a privileged service that uses this OpenSSL component. A user who can place a specially-crafted openssl.cnf file at an appropriate path may be able to achieve arbitrary code execution with SYSTEM privileges.”

Exploitable for evasion, loading malicious payloads

Following successful exploitation, threat actors could persistently execute malicious payloads and potentially evade detection during attacks.

While only exploitable locally, threat actors commonly exploit this type of security flaw during later stages of their attacks, after infiltrating the target machine to elevate permissions for gaining persistence and further compromising the system.

Also Read: What is Social Engineering and How Does it Work?

This is not the first time security researchers have found vulnerabilities while analyzing McAfee’s Windows security products.

For instance, in September 2021, the company patched another McAfee Agent privilege escalation bug (CVE-2020-7315) discovered by Tenable security researcher Clément Notin that allowed local users to execute arbitrary code and kill the antivirus.

Two years before, McAfee fixed a security vulnerability impacting all editions of its Antivirus software for Windows (i.e., Total Protection, Anti-Virus Plus, and Internet Security) and allowing potential attackers to escalate privileges and execute code with SYSTEM account authority.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us