ASB-2018.0156 - [Win][Mac] McAfee Drive Encryption: Unauthorised access - Console/physical 2018-07-13

===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2018.0156
           McAfee Drive Encryption patches authentication bypass
                               13 July 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              McAfee Drive Encryption
Operating System:     Windows
                      Mac OS
Impact/Access:        Unauthorised Access -- Console/Physical
Resolution:           Patch/Upgrade
CVE Names:            CVE-2018-6686  
Member content until: Sunday, August 12 2018

OVERVIEW

        A vulnerability has been identified in McAfee Drive Encryption. [1]


IMPACT

        McAfee has provided the following information regarding the
        vulnerability:
        
        "The issue is related to the Trusted Platform Module (TPM) autoboot
        feature first introduced in Drive Encryption 7.1.0, which could allow
        a third party (who has physical access), to boot the system and gain
        unauthorized access.
        
        CVE-2018-6686
        Authentication Bypass vulnerability in TPM autoboot in McAfee Drive
        Encryption (DE) 7.1.0 and above, allows physically proximate attackers
        to bypass local security protection, via a specific set of
        circumstances. NOTE: The following link was not yet populated with
        CVE details at the time of publication of this Security Bulletin.
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6686" [1]


MITIGATION

        McAfee advises updating clients to version 7.1.3 HF1241165 or
        version 7.2.6. [1]


REFERENCES

        [1] Drive Encryption update fixes authentication bypass vulnerability
            when Trusted Platform Module autoboot is enabled (CVE-2018-6686)
            (SB10242)
            https://kc.mcafee.com/corporate/index?page=content&id=SB10242

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================