Skip to main content

McAfee Antivirus


Dangerous hole found in McAfee ePO antivirus central management suit















Intel Security’s McAfee has released a patch for a very  critical SQL injection flaw in e Policy Orchestrator or ePO, its admin console used to manage software and antivirus on tens of millions of enterprise devices worldwide web.
Cisco’s Talos security team has been  disclosed details of the issues in  today life, warning that anyone has on the web can send a specific  crafted HTTP POST in an SQL query that causes an ePO database to spill enough information to profile users or monitor IT infrastructure.
“An attacker can use any HTTP client to trigger this vulnerability,” Talos researchers said.
ePO is used by 30,000 enterprise customers worldwide, and is responsible for keeping 60 million devices secure, according to McAfee.
McAfee has given the bug the highest CVSS v3 Base score of 10.0, noting that the bug is not complex to exploit and doesn’t require user privileges or interaction.
Affected products include ePO 5.1.3 and earlier and ePO 5.3.2 and earlier. The company has released hotfix files to address the issue.
Security admins use the ePO console to centrally manage antivirus and software polices via software agents that are installed on endpoint devices. Talos researchers discovered that the bug can also be used to impersonate these agents and cause information disclosure.
Given ePO’s role in managing endpoint antivirus, the software is likely to be an attractive target to attackers. It serves as yet another reminder that flaws in security software can widen a user’s attack surface, as a former Mozilla engineer highlighted recently.
“Vulnerabilities  can permit deep insight into the organization without an attacking requiring any privileged access to the centralized platforms such as Active Directory, with this access an attacker can profile users and the infrastructure passively,” said Talos.
Talos says the vulnerability lies within the application server for ePO’s Apache Tomcat-based administrator management console. The server is reachable via the console directly, or by way of a custom protocol, known as SPIPE, that hands off communication between agents and the console.
Talos’ detailed writeup is available ,where it explains that to mitigate this attack ePO customers can shut off direct access to the console and limit it to SPIPE.
“To ensure that an attacker does not have direct access to the vulnerability and instead has to use just SPIPE as an agent, verify that port 8443 that the McAfee 






Comments

Popular posts from this blog

McAfee LiveSafe Tutorial

All you need to know about McAfee LiveSafeThis tutorial would give you a holistic view of McAfee LiveSafe from every dimension.
Overview: What is McAfee LiveSafe? Well, McAfee LiveSafe is an all-round protection of all your devices (mainly PCs, Mobile Phones and Tablets) from all types of threats (Spyware, Virus, Web threats, email threats and malware) through a single platform.  Isn't that amazing! Why McAfee LiveSafe? Today's world is more advanced and technological than it have ever been and with this up-keeping of advancements, we all have multiple devices to manage our entire world. So with all these advancements, we can't ignore how potentially strong the negative elements of technology world can be. These negative elements are basically targeting your personal data, professional data and overall security of your devices, with equally advanced threats. McAfee LiveSafe is specially built with latest and most efficient technological tools to give a 360 degree protection …
McAfee Internet protection: Manage Devices
When we are using Mcafee Productin our devices ,so this article will help you how to perform the mcafee products and manage the devices. 
At Optimum, we want to provide a safe Internet experience for our customers. That is why we have partnered with McAfee a security industry leader to provide Internet protection. McAfee is part of Intel Security. If you have not installed Internet protection McAfee click here.My Account PortalTo add or remove devices covered with your subscription to Internet protection, use the My Account portal. Settings for specific devices cannot be managed through the My Account portal, that is done within the Application Console.
Add Devices in My AccountSign in to the My Account portal going to Optimum.net/protectTo add a device, click the Download on the tab. You can protect up to 20 devices.Choose a product - you have a choice of PC/Laptop, Mac, Smartphone and TabletPC/Laptop and Mac have choices for McAfee Multi Access…
McAfee MTP Retailcard Redeem, Download & Install By Online Tech Experts McAfee MTP Retailcard – A Total Protection Security by McAfeeRedeem all product Retail Card at www.mcafee.com/ activateOr you can also redeem and activate your McAfee Total Protection Retailcard by following the web address http://www.mcafeecomactivate/mtp/retailcard.html If you have other McAfee Product Retailcard then please follow the below web address to redeem as per of your product version McAfee MAV Retail Card (Antivirus Plus)  – www.mcafee.com/mav/retailcardMcAfee MIS Retail Card (Internet Security) – www.mcafee.com/mis/retailcardMcAfee MLS Retail Card (Live Safe) – www.mcafee.com/mls/retailcardHow to activate and install your McAfee MTP Retailcard ? First You need to redeem and activate your 25 characters long product key then you will see the ” install now ” button on your screen or you can also start the download from your account after successful activation of your product. Unable to Activate or Fac…