Date: 01 March 2013
===========================================================================
AUSCERT Security Bulletin
ASB-2013.0033
A vulnerability in a component of McAfee VirusScan
Enterprise allows for unauthorised privilege escalation
1 March 2013
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: McAfee VirusScan Enterprise
Operating System: Windows
Impact/Access: Increased Privileges -- Existing Account
Resolution: Patch/Upgrade
Member content until: Sunday, March 31 2013
OVERVIEW

A vulnerability was discovered in a component of McAfee VirusScan
Enterprise that allows for unauthorised privilege escalation. [1]

IMPACT

Vendor advises that the vulnerability only exists if Access Protection
has been disabled by an Administrator in the following product [1]:

* VSE 8.8 Patch 2 with Access Protection, including Self Protection,
  turned off [1]

McAfee advises:

"Access Protection is enabled by default. McAfee recommends that Access
Protection be enabled if at all possible. The attacker must be an
authenticated user to exploit this flaw." [1]

MITIGATION

The vendor recommends installing the available patch/hotfix to
mitigate the vulnerability. [1]

REFERENCES

[1] McAfee Security Bulletin - Virus Scan Enterprise update fixes a
    potential privilege escalation vulnerability when access protection
    is turned off
    https://kc.mcafee.com/corporate/index?page=content&id=SB10038

AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================