Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT Security Bulletin ASB-2013.0021 A vulnerability has been identified in McAfee VirusScan Enterprise and McAfee Host Intrusion Prevention 14 February 2013 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: McAfee VirusScan Enterprise McAfee Host Intrusion Prevention Operating System: Windows Impact/Access: Increased Privileges -- Existing Account Resolution: Patch/Upgrade Member content until: Saturday, March 16 2013 Reference: https://kc.mcafee.com/corporate/index?page=content&id=SB10034 OVERVIEW A vulnerability in a shared component of McAfee VirusScan and McAfee Host Intrusion Prevention system has been identified. The following software is affected: "VirusScan Enterprise (VSE) 8.8 Patch 1 VSE 8.8 Patch 2 (when updating from VSE 8.7 Patch 5 OR VSE 8.8 Patch 1) VSE 8.7 Patch 5 Host Intrusion Prevention (Host IPS) 8.0 Patch 1 and Patch 2 (when updating from Patch 1)" [1] IMPACT The vendor has provided the following information: "A vulnerability was discovered in a shared component used by VSE and Host IPS that allows for unauthorized privilege escalation. The attacker must be an authenticated user to exploit this flaw. McAfee considers this to be a high priority vulnerability and should be patched soon. Hotfixes have been created for each of these products to address this vulnerability." [1] MITIGATION McAfee has released hotfixes for the different versions affected by this vulnerability. Product Patch / Hotfix VSE 8.8 Patch 2 and HF805660 VSE 8.7 Patch 5 (release 2) and HF792686 Host IPS 8.0 Patch 2 and HF791162 REFERENCES [1] McAfee Security Bulletin - VirusScan Enterprise and Host Intrusion Prevention update fixes a privilege escalation vulnerability https://kc.mcafee.com/corporate/index?page=content&id=SB10034 AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBURxBiu4yVqjM2NGpAQLrjg//fImy1jNMxXXU10FAdxQGJ9/WsC/fb9Pa eZBNX1O3BEZzrBbZ06+PM2xxR6ybx56Gyv9WpUeYgab9685X8si7fJI1wLxHIp5Y VSgHtsoPzWyvBzRAo5TEMxAVFMP8JqzuFcS3CPragh3c4uOEyqZZq07MpJ3hUU+s 7M0E5fMyawRNDuGxVhXmtPKw1GJW6jhDyuCGuhcbwcfqcBwJcTZJ85IVZUh92qwv raP5wWlI3TMbKY+g+48JtirAJKxRfEsHeaeCRocQJdAwSLpo0MH3KVP8ankjDnxA C27cSV8dJwX0Istvt27/lPPGuedUxMDoPc1KSnxA70neD0Kw9wd0B3OaOer6bucA FtpV3xUzOFbgulxDE2T+1lVcph/22odKGfpboR/AlavmjfrI7RZhOr/42AEVKXHK F/xBCbmSkR/LDfNU4kpV2OoZwfstq7s3Wrd1wGbLyS7vfUKAm1JrfMXNiCL0fwAG qp6oebJxn6sVCxNddCpV5tac2o+FeTwTpS5LthTZMZc6BTLjaj6ksz+xzFLevGCB 5vaDfpKmYjg13VSTCcNKOlkqmQfSUOUCYrMCJTNq5DELySBBEMRDiJzf9Cf17UIH pu0A+wynp8fE1bVlES32I7uQnsTChctSN/V8dypSS2SHTLc4TMAG0VQmtG6UKasH RRbz9UKxg6E= =5RZE -----END PGP SIGNATURE-----