Critical Bug Can Be Exploited to Gain Windows SYSTEM Privileges

New Critical Vulnerability

McAfee has patched two high-severity vulnerabilities in a component of its McAfee Enterprise product that attackers can use to escalate privileges, including up to SYSTEM.

According to McAfee’s bulletin, the bugs are in versions prior to 5.7.5 of McAfee Agent, which is used in McAfee Endpoint Security, among other McAfee products. 

The Agent is the piece of McAfee ePolicy Orchestrator (McAfee ePO) that downloads and enforces policies and executes client-side tasks such as deployment and updating. 

The McAfee Agent is also the component that uploads events and provides additional data regarding each system’s status. Periodically collecting and sending event information to the McAfee ePO server, the Agent – which also installs and updates endpoint products – is a required install on any network system that needs to be managed.

How Syxsense Can Help

Syxsense has automated the entire process of patch management.

• It automates testing of patches yet gets them deployed within three hours of receipt.
• It automates patch deployment so the right patches make it to every endpoint.
• It automates patch rollback in case of any issues or incompatibilities.
• It automates the prioritization and sequencing of patches so those that represent the biggest threat are sent out first.

Syxsense also automates vulnerability scanning so that scans are done regularly to determine potential issues such as missing patches, open ports, and other vulnerabilities.