Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT Security Bulletin
ASB-2016.0003
A vulnerability has been discovered in McAfee Application Control
14 January 2016
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: McAfee Application Control
Operating System: Windows
Impact/Access: Increased Privileges -- Existing Account
Denial of Service -- Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2016-1715
Member content until: Saturday, February 13 2016
OVERVIEW
A vulnerability has been discovered in McAfee Application Control
(MAC) 6.1.0 before build 706, 6.1.1 before build 404, 6.1.2 before
build 449, 6.1.3 before build 441, and 6.2.0 before build 505.
IMPACT
The vendor has provided the following information:
CVE-2016-1715: "The swin.sys kernel driver in McAfee Application
Control (MAC) 6.1.0 before build 706, 6.1.1 before build 404, 6.1.2
before build 449, 6.1.3 before build 441, and 6.2.0 before build 505
on 32-bit Windows platforms allows local users to cause a denial of
service (memory corruption and system crash) or gain privileges via
a 768 syscall, which triggers a zero to be written to an arbitrary
kernel memory location." [1]
MITIGATION
The vendor has provided hotfixes for the affected versions. [1]
REFERENCES
[1] Intel Security - Security Bulletin: Application Control update
fixes system crash caused by certain inputs to Application Control
driver API on Windows 32-bit systems
https://kc.mcafee.com/corporate/index?page=content&id=SB10145
AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBVpccaH6ZAP0PgtI9AQKgQw//V9IgWZjgBDnz1wyVyh1B2rHwfa8Wd5jD
FJ0ZtVU/OTAG8P6tjKNYKTcnmS5cECtYuapz+gBuFHu5SaEQwrBu6Y5wsHDvIVj+
43lnhUIhMiVSNxfArOFYNi3WoySnxMPBy8gweECfm7DM8E9r+aizgBrlBovjYDPP
xX3WN011K6Xdb5wVS0gvsNeGWL+evethIAoS0uvZ09jJ9x2BsEEsuQPOkab06fhx
8isle3oSDw+wBhs6KwsMmKu0cndIh2YDjbrSKmmpY5DtCegHzHOsUvPaW8cVNLUV
OQMsP1znMhHcl96kmdl4z8tzrKM7nan3KT2z5Y/1SAwckasb+RDKDlVUFsJ6p59l
A9YLTi62PsNO0yrgbLm+W1OSqiDTX4sbiwdvynNKTuQmsIe5s9bU1Gf7cseufPts
eFPhX8bIOn3MPDqZzOAxxEeV88/PpZOCYBiLSuoKjRaf8eT0lU4H3nFUy/xVxEOB
PDAimdeF1ZLzSbVUYC97cyowQYZmh69C9J3b7I3WJqI1YQQy2RnuvVcJSN0065l4
diWpu5zGNJsSIn42f7ktPZ+3j1UFgodgI1RE98yQT8LBX70nZ7BYafWZ6KGAl+6G
2H88neHvbbghwWpvg6unjynX6SpM21gZGTcyCvCwObw/h4lkvQMMITAnFIMjB2xL
aMYrwcIEysM=
=xcZY
-----END PGP SIGNATURE-----