Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT Security Bulletin
ASB-2018.0156
McAfee Drive Encryption patches authentication bypass
13 July 2018
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: McAfee Drive Encryption
Operating System: Windows
Mac OS
Impact/Access: Unauthorised Access -- Console/Physical
Resolution: Patch/Upgrade
CVE Names: CVE-2018-6686
Member content until: Sunday, August 12 2018
OVERVIEW
A vulnerability has been identified in McAfee Drive Encryption. [1]
IMPACT
McAfee has provided the following information regarding the
vulnerability:
"The issue is related to the Trusted Platform Module (TPM) autoboot
feature first introduced in Drive Encryption 7.1.0, which could allow
a third party (who has physical access), to boot the system and gain
unauthorized access.
CVE-2018-6686
Authentication Bypass vulnerability in TPM autoboot in McAfee Drive
Encryption (DE) 7.1.0 and above, allows physically proximate attackers
to bypass local security protection, via a specific set of
circumstances. NOTE: The following link was not yet populated with
CVE details at the time of publication of this Security Bulletin.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6686" [1]
MITIGATION
McAfee advises updating clients to version 7.1.3 HF1241165 or
version 7.2.6. [1]
REFERENCES
[1] Drive Encryption update fixes authentication bypass vulnerability
when Trusted Platform Module autoboot is enabled (CVE-2018-6686)
(SB10242)
https://kc.mcafee.com/corporate/index?page=content&id=SB10242
AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBW0fw3GaOgq3Tt24GAQgJYRAAk8xyfUCrXxAzU8ZmYs5kTVEc51T4uArr
YFHMf9dGuExI3hLb8LPhqXfrPWDguV5BKXIU4jeEmMJrKDcOAOzbDXP0wbOwbGVp
hZj1lh4BCqXw7rWQlrjXYwfqGpKwIuuK5O6MBEYE4fAIrgs0Jnj/VHbW1ylIoiE1
Wbk945rc7GQUbUYiGlc0N5xFFZOS1sddTGy3z7AhbXrHWx2rjEs8TN1ETO5b6IPQ
/Iwq9YrNh3yxf/zzg99tWRA62C1CT3Q/5gfXc+t4mTif6xR1twmAIkCRM4CfHiKg
bmqo4GoH3ZQBlehz6LL+VhgEdDoU+6MVB/FChhUv46GkR8tAoBKZeGwucU3QyW7t
Q0TN8DZujgzs/cGKDBkbvUUNayU9yDtznC5FYlHt2eNnRxYAIZhlrSJxjQKMDpvX
/Zw6M8DW4vQSWvRqFH9v9DWuxSl3qsDKlQZE8JjmPWRVjJWD0BUsyfQqL0etQNSv
DaP59G87yAKQ4WySblFeZllHa29TK2yvMz3vmnzpFK7Q+98mhE8ZmRfmAnNm7fV4
RLW3QNxmwT4iEck1zsiGVtR7OdR3oVGbq22idyQC0dZqnPpPHITfNrbhlP/ZesKB
e2qpNzouGAKx+sB3P4WtFgwlrbdeaOotH0tMc0P8Xn7USlrHfMjhlmwy3vJ7SBOf
/1KRDuMPv/Q=
=U8Sj
-----END PGP SIGNATURE-----