Developers: | McAfee |
Last Release Date: | October, 2012 |
Technology: | Cybersecurity - Antiviruses, Firewall |
Content |
2019: The vulnerability allowing to execute far off the code
On November 14, 2019 it became known that researchers of security from SafeBreach Labs company detected critical vulnerability (CVE-2019-3648) in antivirus software of McAfee which operation allows the malefactor to execute the code far off.
Vulnerability is connected with the fact that the loaded DLL libraries are not checked for existence of signatures and are loaded from the current directory, but not from the actual arrangement in System32 folder. Thus any and unsigned DLL libraries can be loaded into several services, AUTHORITY\SYSTEM started with the rights.
For vulnerability operation the malefactor needs to have the administrator's rights. As some parts of the software work as Windows services with the system rights, accomplishment of any code in the context of services McAfee is possible.
According to specialists, there are three main methods of use of vulnerability in a chain of the attacks. Operation of a problem allows malefactors to load and execute harmful payloads, using several signed services in the context of the software of McAfee, to bypass a "white" list of applications and to avoid detection by the protective software.
The antivirus can not detect the harmful binary file because he tries to load it without any check, - researchers say. |
As researchers note, the criminal can configure a malicious code on reset at each start of service for preserving of persistence on a system.
The problem mentions versions of McAfee Total Protection (MTP), Anti-Virus Plus (AVP) and Internet Security (MIS) up to 16.0.R22 inclusive. McAfee released the version of antivirus software of Version 16.0.R22 Refresh 1 correcting the given vulnerability[1].
2012
McAfee Internet Security 2013
As of December, 2012 each sortie in the Internet reminds the spy thriller. On the websites deeply secreted trojans get and arrange on computers of robbery of a century. Viruses block access to a system more simply and are engaged in banal racketing. In messenzher and social networks the legion of bots suggests to increase every day something, to sew, pump up or to purchase at least at the reasonable price. At the same time under the threat there are not only users of Windows — according to McAfee, published in the report for the third quarter 2012, the number of threats continues to increase for all, without exception, platforms. In particular, for last quarter the number of the suspicious URL addresses increased by 20%, the mobile malicious software — practically doubled, and even more often softwares reveal it on the Mac platform. Besides, specialists of McAfee warn about increase in frequency of detection of trojans for theft of the passwords and malware using the mechanism of autostart (Autorun) for infection of computers via flash drives, memory cards and other external devices. The products McAfee will allow to secure once and for all themselves and the family against the various hacker attacks.
McAfee Internet Security — it uniform and universal remedy of protection against all exist cyberthreats. The program is simple in management, its broad spectrum of functions will suit all family members — protection can be set on three computers according to one license. McAfee Internet Security detects and neutralizes even the freshest versions of computer viruses in real time without personal user intervention. The program uses the most modern filters of spam, gives the chance to control access for children to the Global network. The flexible system of filters adapts to age of the child, remembers what is the time he carried out on the Internet and what sites visited.
As additional guarantee the program will organize the password-protected storage on a remote server — there it is possible to store up to 1 GB of the most valuable data and to be sure of their safety. In the program the improved double-sided firewall which will protect personal data from stealing is used. The program perfectly detects small, but artful modules a bot networks and deletes them from your computer.
The combined system of protection McAfee Internet Security supports modern versions of Microsoft Windows, including the freshest Windows 8 and also the OS X Apple operating system. The software was already available for sale at the recommended retail price of 1490 rubles.
Besides, the McAfee company provided the line of personal products for the PC — McAfee Total Protection 2013, McAfee All Access 2013 and McAfee AntiVirus Plus 2013 which include completely processed set of means of pro-active identification and removal of the malware. The expanded McAfee NetGuard function provides the contextual focused protection against bots monitoring attempts of establishment of connections by applications and informing the user on any suspicious actions. All products McAfee are compatible to Windows 8 and offer a full range of means of protecting for computers running this operating system.
McAfee Internet Security 2012
Software of McAfee Internet Security 2012 provides users with basic protection with an antivirus and the anti-spy and also the two-sided firewall. The product is capable to define potential malignancy of the websites when the user works in the search system, placing the corresponding icons what websites are safe and what are not present near results. Also function of irrevocable destruction of data is useful: it can be necessary if you decided to present or sell the computer. Besides, function of fight about a bot networks is built in software.
Also omimo all above, provides also additional functions: checks USB devices and other removable mediums of information for viruses, blocks spam, offers means of parent control and also creates reports on visit of the Internet: who was in Network, what is the time and where.