Intel Fixes McAfee Bug That Allowed Attackers to Disable Antivirus Protection

Exterminator

Intel Security, current maintainers of the McAfee Enterprise antivirus, have released a new version that patches a security hole that would have allowed an attacker to disable the antivirus on a victim's computer.

According to Italian security researcher Agazzini Maurizio working for Mediaservice, a local IT security advisory firm, the McAfee VirusScan Enterprise antivirus could have been disabled following very simple steps, allowing attackers to install malware on the user's system.

The issue resides in a feature that was added to the McAfee VirusScan engine to protect it from local Windows admin users that might accidentally alter its normal mode of operation.

Attackers can bypass McAfee's admin password and disable the antivirus

By default, the antivirus uses a password that Windows admin users must provide in order to disable the McAfee VirusScan protection engine.

Mr. Maurizio has discovered that this feature was not properly implemented, and allowed attackers to bypass the admin password.

"The McAfee VirusScan Console checks the password and requests the engine to unlock the safe registry keys," Mr. Maurizio explained on Mediaservice's website. "No checks are done by the engine itself, so anyone can directly request the engine to stop without knowing the correct management password."

The researcher even created a tool that automatically alters the needed registry keys, so the attacker can disable the antivirus without entering the password.

If we take into account how easy it is to automate the entire process via PowerShell commands, the attack opens a large hole in McAfee's defense.

It took Intel 15 months to fix the bug

Fortunately, as the researcher has discovered, the threat of this attack is present only if the attacker manages to gain admin privileges on an infected machine; otherwise, the attack cannot be carried out.

For this reason, when Intel received the bug report in November 2014, it prioritized other more important issues and published a patch for this problem on February 25, 2016, almost 15 months later.

The McAfee VirusScan Enterprise antivirus version SB10151 has been released to address this issue. All McAfee VirusScan Enterprise versions prior to 8.8 without SB10151 installed are affected.
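
The design flaw the researcher describes (the console checks the password, the engine does not) can be modelled next to its hardened form. This is an added example, not part of the original post and not McAfee's code; the `Engine` and `Console` classes, their methods and the password value are hypothetical.

```python
import hashlib
import hmac
import os


class Engine:
    """Hypothetical privileged service that owns the protection state."""

    def __init__(self, password, enforce_in_engine):
        self._salt = os.urandom(16)
        self._digest = self._kdf(password)
        self._enforce = enforce_in_engine
        self.protection_enabled = True

    def _kdf(self, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, 100_000)

    def check_password(self, candidate):
        # Constant-time comparison of the derived keys.
        return hmac.compare_digest(self._digest, self._kdf(candidate))

    def request_stop(self, password=None):
        # Flawed design (enforce_in_engine=False): the engine assumes the
        # caller already verified the password and honours any request.
        # Hardened design: the engine verifies the credential itself.
        if self._enforce:
            if password is None or not self.check_password(password):
                return False
        self.protection_enabled = False
        return True


class Console:
    """Hypothetical GUI front end; in the flawed design, the only gatekeeper."""

    def __init__(self, engine):
        self.engine = engine

    def disable(self, password):
        if not self.engine.check_password(password):
            return False
        return self.engine.request_stop(password)


def direct_request_succeeds(enforce_in_engine):
    """A local admin process asks the engine to stop without using the console."""
    engine = Engine("constructed-password", enforce_in_engine)  # constructed value
    return engine.request_stop()
```

With the check only in the console, any caller that can reach the engine skips it; moving the check into the engine makes the console's check a convenience rather than the control.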
 
