Last updated: Today, 11:13
A program of McAfee for securing enterprise environments contains several vulnerabilities that could allow an attacker to bypass the software. It’s about McAfee Application Control software to block unauthorized applications on servers, desktops, and other devices, which allowed programs are placed on a whitelist.
Security firm SEC Consult discovered several vulnerabilities that allow an attacker to the security that the program should get around and attack the availability of the system. In addition to vulnerabilities in the kernel driver and insufficient disk protection software with a zip program delivered in 1999, with Info-ZIP. This zip program contains vulnerabilities which are well known and allow an attacker to bypass the application whitelisting.
McAfee warned on June 3 last year about problems in the software. Since the company’s vulnerabilities, according to SEC Consult not patched in time, an advisory published with information about the vulnerabilities on July 28 last year. McAfee announced that it would close the vulnerabilities in the third quarter of 2015, but the problems are still not solved. Following that SEC Consult is now a white paper (PDF) published on the problems
McAfee late in a reaction to Security.NL know the following:. “After investigators informed us last summer brought their concerns, we have the scenarios they sketched investigated immediately. We came to the conclusion that customers who follow our standard configuration guidelines for deployment, are protected from these scenarios. “
No comments:
Post a Comment