Operating System:

[Win]

Published:

14 January 2016

Protect yourself against future threats.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2016.0003
     A vulnerability has been discovered in McAfee Application Control
                              14 January 2016

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              McAfee Application Control
Operating System:     Windows
Impact/Access:        Increased Privileges -- Existing Account
                      Denial of Service    -- Existing Account
Resolution:           Patch/Upgrade
CVE Names:            CVE-2016-1715  
Member content until: Saturday, February 13 2016

OVERVIEW

        A vulnerability has been discovered in McAfee Application Control 
        (MAC) 6.1.0 before build 706, 6.1.1 before build 404, 6.1.2 before 
        build 449, 6.1.3 before build 441, and 6.2.0 before build 505.


IMPACT

        The vendor has provided the following information:
        
        CVE-2016-1715: "The swin.sys kernel driver in McAfee Application 
        Control (MAC) 6.1.0 before build 706, 6.1.1 before build 404, 6.1.2
        before build 449, 6.1.3 before build 441, and 6.2.0 before build 505
        on 32-bit Windows platforms allows local users to cause a denial of
        service (memory corruption and system crash) or gain privileges via
        a 768 syscall, which triggers a zero to be written to an arbitrary 
        kernel memory location." [1]


MITIGATION

        The vendor has provided hotfixes for the affected versions. [1]


REFERENCES

        [1] Intel Security - Security Bulletin: Application Control update
            fixes system crash caused by certain inputs to Application Control
            driver API on Windows 32-bit systems
            https://kc.mcafee.com/corporate/index?page=content&id=SB10145

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBVpccaH6ZAP0PgtI9AQKgQw//V9IgWZjgBDnz1wyVyh1B2rHwfa8Wd5jD
FJ0ZtVU/OTAG8P6tjKNYKTcnmS5cECtYuapz+gBuFHu5SaEQwrBu6Y5wsHDvIVj+
43lnhUIhMiVSNxfArOFYNi3WoySnxMPBy8gweECfm7DM8E9r+aizgBrlBovjYDPP
xX3WN011K6Xdb5wVS0gvsNeGWL+evethIAoS0uvZ09jJ9x2BsEEsuQPOkab06fhx
8isle3oSDw+wBhs6KwsMmKu0cndIh2YDjbrSKmmpY5DtCegHzHOsUvPaW8cVNLUV
OQMsP1znMhHcl96kmdl4z8tzrKM7nan3KT2z5Y/1SAwckasb+RDKDlVUFsJ6p59l
A9YLTi62PsNO0yrgbLm+W1OSqiDTX4sbiwdvynNKTuQmsIe5s9bU1Gf7cseufPts
eFPhX8bIOn3MPDqZzOAxxEeV88/PpZOCYBiLSuoKjRaf8eT0lU4H3nFUy/xVxEOB
PDAimdeF1ZLzSbVUYC97cyowQYZmh69C9J3b7I3WJqI1YQQy2RnuvVcJSN0065l4
diWpu5zGNJsSIn42f7ktPZ+3j1UFgodgI1RE98yQT8LBX70nZ7BYafWZ6KGAl+6G
2H88neHvbbghwWpvg6unjynX6SpM21gZGTcyCvCwObw/h4lkvQMMITAnFIMjB2xL
aMYrwcIEysM=
=xcZY
-----END PGP SIGNATURE-----