McAfee patched a security vulnerability discovered in all editions of its Antivirus software for Windows and enabling potential attackers to escalate privileges and execute code using SYSTEM privileges.
McAfee Total Protection (MTP), McAfee Anti-Virus Plus (AVP), and McAfee Internet Security (MIS) up to and including 16.0.R22 are all impacted by this local privilege escalation (LPE) bug.
Privilege escalation bug patched by McAfee
The LPE flaw now tracked as
CVE-2019-3648 requires attackers to have Administrator privileges for exploitation according to SafeBreach Labs security researcher Peleg Hadar who discovered the vulnerability.
... ...
