
Researchers found a dangerous bug in McAfee antivirus products

SafeBreach specialists discovered a dangerous bug in McAfee antivirus products. The vulnerability, CVE-2019-3648, affects the McAfee Total Protection (MTP), McAfee Anti-Virus Plus (AVP), and McAfee Internet Security (MIS) security solutions.

The root cause of the problem is that McAfee products try to load a DLL file (wbemcomn.dll) from the wrong file path.

“In our exploration, we found that multiple services of the McAfee software which run as signed processes and as NT AUTHORITY\SYSTEM try to load c:\Windows\System32\wbem\wbemcomn.dll, which cannot be found (since it is actually located in System32 and not in the System32\Wbem folder)”, – write SafeBreach specialists.

As a result, an attacker gets the opportunity to create his own malicious version of wbemcomn.dll and place it in the directory where the antivirus looks for the file, which ultimately leads to the file being loaded and executed without any checks.

To exploit the vulnerability, an attacker needs administrator rights. If this condition is met, the bug allows bypassing the protective mechanisms of McAfee antivirus products and loading unsigned DLLs into various services running with NT AUTHORITY\SYSTEM rights.

“We suspected that a vulnerability could be exploited if we could load an arbitrary unsigned DLL into these processes. This would enable us to bypass the self-defense mechanism of the antivirus software, mainly because the folders of the McAfee software are protected by a mini-filter filesystem driver, which restricts writing operations even by an Administrator”, – explain SafeBreach researchers.

This ability might be abused by an attacker for different purposes such as execution and evasion, for example: Application Whitelisting Bypass.

It will also provide the attacker with a stable presence in the system, because malicious code from the DLL will be executed with every restart of the services.

Researchers told McAfee specialists about the problem back in August of this year, and by now the vulnerability has already been fixed. Users of vulnerable products are advised to upgrade to version 16.0.R22 Refresh 1.
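The load of wbemcomn.dll from System32\wbem described above can be watched for in image-load telemetry. The following detection logic is an added example, not code from SafeBreach or McAfee; it assumes Sysmon Event ID 7 field names (Image, ImageLoaded, Signed, User), and the process paths and sample records are constructed placeholders.

```python
import ntpath

TARGET = "wbemcomn.dll"
# The article places the genuine file in System32; SysWOW64 (32-bit copy) is an assumption.
LEGIT_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
SYSTEM_USER = r"NT AUTHORITY\SYSTEM"

def classify(event):
    """Return a '+'-joined finding for one image-load record, or None if benign."""
    directory, name = ntpath.split(ntpath.normpath(event["ImageLoaded"]).lower())
    if name != TARGET:
        return None
    signed = str(event.get("Signed", "false")).lower() == "true"
    if directory in LEGIT_DIRS:
        return None if signed else "unsigned-copy-in-system-dir"
    # Path named in the report: System32\wbem, where the file should not exist.
    reasons = ["wbem-path" if directory.endswith(r"\system32\wbem") else "unexpected-path"]
    if not signed:
        reasons.append("unsigned")
    if event.get("User", "").upper() == SYSTEM_USER:
        reasons.append("loaded-by-system")
    return "+".join(reasons)

def scan(events):
    """Return (process image, loaded path, finding) for every suspicious load."""
    hits = []
    for ev in events:
        finding = classify(ev)
        if finding:
            hits.append((ev["Image"], ev["ImageLoaded"], finding))
    return hits

# Constructed sample records using Sysmon Event ID 7 field names; process paths are placeholders.
SAMPLE_EVENTS = [
    {"Image": r"C:\Program Files\ExampleAV\service.exe", "User": r"NT AUTHORITY\SYSTEM",
     "ImageLoaded": r"C:\Windows\System32\wbemcomn.dll", "Signed": "true"},
    {"Image": r"C:\Program Files\ExampleAV\service.exe", "User": r"NT AUTHORITY\SYSTEM",
     "ImageLoaded": r"c:\Windows\System32\wbem\wbemcomn.dll", "Signed": "false"},
    {"Image": r"C:\Users\alice\tool.exe", "User": r"DESKTOP\alice",
     "ImageLoaded": r"C:\Temp\WBEMCOMN.DLL", "Signed": "true"},
    {"Image": r"C:\Windows\System32\svchost.exe", "User": r"NT AUTHORITY\SYSTEM",
     "ImageLoaded": r"C:\Windows\System32\wbem\fastprox.dll", "Signed": "true"},
]

if __name__ == "__main__":
    for image, loaded, finding in scan(SAMPLE_EVENTS):
        print(f"{finding:40} {loaded}  <- {image}")
```

Only the second and third sample records are reported: the copy in System32\wbem that is unsigned and loaded by a SYSTEM process, and a copy loaded from an unrelated directory.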
