Serious Security Vulnerability Found In All McAfee Antivirus Editions

Following Avast, we now hear of a security bug in McAfee antivirus. Researchers have found this vulnerability to affect all McAfee Antivirus Editions, the vulnerability could allow for code execution via DLL injection.

Vulnerability In McAfee Antivirus Editions

Researchers from SafeBreach Labs have discovered a serious security vulnerability affecting all Editions of McAfee Antivirus software. Elaborating on their findings in a report, Peleg Hadar stated that a potential attacker could exploit the vulnerability to achieve code execution.

As stated in the report,

We found that multiple services of the McAfee software which run as signed processes and as NT AUTHORITY\SYSTEM try to load c:\Windows\System32\wbem\wbemcomn.dll, which cannot be found (since it is actually located in System32 and not in the System32\Wbem folder).

An attacker could load an arbitrary unsigned DLL to these processes to execute code while evading defense mechanisms.

Researchers have also shared a PoC for the exploit. They could load DLL and execute code in multiple processes signed by McAfee.

The researchers suspect that the vulnerability could have allowed an attacker to execute malicious payloads, evade security checks, and bypass application whitelisting.

McAfee Released A Fix

Upon discovering the bug in August 2019, the researchers informed McAfee about the flaw. They noticed that this vulnerability, CVE-2019-3648, affected all versions of McAfee Total Protection (MTP), McAfee Anti-Virus Plus (AVP), and McAfee Internet Security (MIS) until v.16.0.R22.

Following their report, McAfee rolled out a fix for this vulnerability with the release of software version 16.0.R22 Refresh 1. Though, they have labeled this flaw as a medium severity vulnerability, with a CVSS base score of 6.1.

Users of affected versions of McAfee Antivirus software should hence ensure they update their systems to the latest patched versions.

Recently, Avast also made it to the news when a researcher found a cross-site scripting vulnerability affecting the Avast and AVG antivirus Desktop for Windows. Though, the vendors not only patched the flaw but also awarded the researcher $5000 as bounty.

Let us know your thoughts in the comments.

Related posts

Researchers Observed Backdoor-Like Behavior In Gigabyte Systems

Jetpack Plugin Patched A Critical Vulnerability Triggering WordPress Force-Installs