Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT Security Bulletin
ASB-2019.0067
McAfee Security Bulletin - Endpoint Security updates fix a
privilege escalation vulnerability (CVE-2019-3582)
4 March 2019
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: McAfee Endpoint Security
Operating System: Windows
Impact/Access: Increased Privileges -- Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2019-3582
Member content until: Wednesday, April 3 2019
OVERVIEW
A privilege escalation vulnerability has been corrected for McAfee
Endpoint security for Microsoft Windows clients. [1]
IMPACT
The vendor has provided the following information about the
vulnerability:
"CVE-2019-3582
Privilege Escalation vulnerability in the Microsoft Windows client in McAfee
Endpoint Security (ENS) 10.6.1 and earlier that allows local users to gain
elevated privileges via a specific set of circumstances." [1]
MITIGATION
The vendor recommends applying the relevant patches address this
issue. [1]
REFERENCES
[1] McAfee Security Bulletin - Endpoint Security updates fix a
privilege escalation vulnerability (CVE-2019-3582) (SB10254)
https://kc.mcafee.com/corporate/index?page=content&id=SB10254
AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBXHyukmaOgq3Tt24GAQgcuw/+Nbj6b99Zg+bvHd1NJfEV/obkM4hHiqPL
gahguUZgw09dpbSY3F8eUF5OAGSdUQo6atyVL6/AEe3f8jmaalBWEvbHAXHSeoKF
zcSVreah8O0YW4MLOPHOU0hYWoxixzqzjkSumkPSWajkkUB2eW8K35UJqZejITSw
owvJDU4tkPAFcIjzIHnVu2ODNlLYh58pKJr5x7lnP6IozTJh4TbTyu0hp9pOywGC
1MB7zgxaUHFbFhRhB4GM3XvyXsOJQd0oQ9/N9mNTql2cZTn2WRoWjYmzz0d0rVqF
U8Unhj5wvWKLYtcqqgunbbMSQ1pUUoAExeUPeEWz0vIJ6em2U6nGCAMAOKdF0o83
66663qnmj775j87TObi6zwARNKG44fN/aGEvO/HAjoLFSEpWdFKABHZbYOgW3tkq
lKZcEQSUCupASSrNnpGDbNXpOkXfzhCsE7heujd1EhStk952Qkarbdh2J/GF1EgJ
SrMrTbjz8N+LeV4CsCowZSK4iSjeTZxPsQGctvfiDxFM6H3g3/4aIcc/Vcgmbd/1
DTvjb4fcDgmwlqIHmQ1YjFhE4gej5hMFOQSG+GYfXZfitif09RlBaQRWdM3gxL9f
0eTQcttkuCys4WDHNrSWOdq4mPV7K3jjueVFOEBwJK3uM+RxNNc5CMrT8w16S7Co
lcqvxDOGqeM=
=97SS
-----END PGP SIGNATURE-----