Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT Security Bulletin ASB-2016.0053 A vulnerability has been identified in McAfee VirusScan Enterprise 9 May 2016 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: McAfee VirusScan Enterprise Operating System: Windows Impact/Access: Unauthorised Access -- Existing Account Resolution: Patch/Upgrade Member content until: Wednesday, June 8 2016 OVERVIEW A vulnerability has been identified in McAfee VirusScan Enterprise prior to version VSE 8.8.0 Patch 6/7 Hotfix 1123565 8.8.0.1546. [1] IMPACT The vendor has provided the following information about the vulnerability: "This update addresses an issue with VSE where closing the registry handles for the VSE process mcconsole.exe using Process Explorer (or similar tools) could be exploited to unlock the password protected VirusScan Console window. This trusted access bypass vulnerability allows access to resources normally protected by VSE." [1] MITIGATION The vendor recommends applying to the latest hotfix. [1] REFERENCES [1] Intel Security - Security Bulletin: VirusScan Enterprise update fixes protections bypass vulnerability https://kc.mcafee.com/corporate/index?page=content&id=SB10158 AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBVzAUaX6ZAP0PgtI9AQICRA//TIT4jNZa5UPcbU9SZUQM7+sEXq0B/34m 1R5L84KTrMIeJ3E6y4WQIVcihn/o0eoaK9P1NCpjqPh/op68Xxl/AI61EHkt+jD2 aZlS5HNj+uolGL0Vpat1ugAp8vzBkLhJhR/r0IzndpZKYob04/PuZTxjyGl6cj54 /MAJtnAV6n7cqGqiQaeD4MWYQmsPHfoNL5C7JNPSe2/ciYEkBTWivGJeIuebq5lz B2sT3rr8OEVs9UUGG+505g2Skp5GI9i5Wvdc7AohV6TWj+yo+lZyA8PIdD9ivRnW 1H8bd+1HD4gWT4Rqd/teHSt++vCvJB5BfaQRLLkjRSwvgegTD8vcYsBUWPLreXpx 4OTAJRuxSLNjDjTfGLD/1Jv5mTQOTF0nTBXsumIBn+s6CQw0NMcKILznkLvWdb/d gJqwhUtYcabq0ZSEHzsmPGGoIvjmOANMTjMNcZ1Fi9l7mPX2BgURiO3yo9a152Ec euQ21qmh2Ned5/yUDHZtTx4dCMX/4ApYMc3X9zO3/qV13r+cr8ppzv/8aRKdIgAL UmKabyQ/B28o9I74Atzz/RBwGtYXA1JB4qF1XCAUquD0FyOnTywrDdvC2HuR4tjE zmtYFj1sVYzD+9EDn6JVUFY3dvZQlAl+00uV34aCEroJJiMzC2Ab3rTibVkIh9lV URFey0gZB2o= =t3BH -----END PGP SIGNATURE-----