Windows: Vulnerabilities in McAfee Endpoint Security (Nov. 2020)

[German]Users of McAfee Endpoint Security should update the product. Because vulnerabilities weakens Windows security. Here is some information.


Advertising

McAfee Endpoint Security is a security solution for organizations that want to protect endpoints. The product provides machine learning, credential theft prevention, and rollback remediation to complement the basic security capabilities of Windows desktop and server systems. In a security advisory dated November 10, 2020, McAfee now warns of three vulnerabilities (CVE-2020-7331 , CVE-2020-7332 and CVE-2020-7333) included in older product versions that compromise Windows security.

Schwachstellen in McAfee Endpoint Security
(Vulnerabilities in McAfee Endpoint Security, Source: McAfee)

  • CVE-2020-7331: Unquoted service executable path in McAfee Endpoint Security (ENS) prior to 10.7.0 November 2020 Update allows local users to cause a denial of service and malicious file execution via carefully crafted and named executable files.
  • CVE-2020-7332: Cross Site Request Forgery vulnerability in the firewall ePO extension of McAfee Endpoint Security (ENS) prior to 10.7.0 November 2020 Update allows an attacker to execute arbitrary HTML code due to incorrect security configuration.
  • CVE-2020-7333_ Cross site scripting vulnerability in the firewall ePO extension of McAfee Endpoint Security (ENS) prior to 10.7.0 November 2020 Update allows administrators to inject arbitrary web script or HTML via the configuration wizard.

Products affected by these vulnerabilities:

McAfee has released updates to close these vulnerabilities for the affected products.

  • ENS for Windows 10.7.0
  • ENS for Windows 10.6.1

For more details please refer to the McAfee security advisory. (via)


Advertising


Advertising

This entry was posted in Security, Software, Windows and tagged , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

Note: Please note the rules for commenting on the blog (first comments and linked posts end up in moderation, I release them every few hours, I rigorously delete SEO posts/SPAM).