McAfee VirusScan Enterprise < 8.8 Patch 7 Protected Resource Access Bypass (SB10151)
Low Nessus Plugin ID 89940
Synopsis
The antivirus application installed on the remote Windows host is affected by a security mechanism bypass vulnerability.
Description
The version of McAfee VirusScan Enterprise (VSE) installed on the remote Windows host is prior to 8.8 Patch 7. It is, therefore, affected by a flaw in its self-protection mechanism when applying rules to access settings, which are used to determine what applications and associated actions can be trusted. An attacker with Windows administrative privileges can exploit this flaw to control the trust settings and bypass access restrictions, allowing protected McAfee applications, including VSE, to be disabled or uninstalled.
Note that the attacker does not need to possess the management password to exploit this vulnerability.
Solution
Upgrade to McAfee VirusScan Enterprise version 8.8 Patch 7.