[German]Users of McAfee Endpoint Security should update the product. Because vulnerabilities weakens Windows security. Here is some information.
McAfee Endpoint Security is a security solution for organizations that want to protect endpoints. The product provides machine learning, credential theft prevention, and rollback remediation to complement the basic security capabilities of Windows desktop and server systems. In a security advisory dated November 10, 2020, McAfee now warns of three vulnerabilities (CVE-2020-7331 , CVE-2020-7332 and CVE-2020-7333) included in older product versions that compromise Windows security.
(Vulnerabilities in McAfee Endpoint Security, Source: McAfee)
- CVE-2020-7331: Unquoted service executable path in McAfee Endpoint Security (ENS) prior to 10.7.0 November 2020 Update allows local users to cause a denial of service and malicious file execution via carefully crafted and named executable files.
- CVE-2020-7332: Cross Site Request Forgery vulnerability in the firewall ePO extension of McAfee Endpoint Security (ENS) prior to 10.7.0 November 2020 Update allows an attacker to execute arbitrary HTML code due to incorrect security configuration.
- CVE-2020-7333_ Cross site scripting vulnerability in the firewall ePO extension of McAfee Endpoint Security (ENS) prior to 10.7.0 November 2020 Update allows administrators to inject arbitrary web script or HTML via the configuration wizard.
Products affected by these vulnerabilities:
- Endpoint Security Firewall 10.7.x
- Endpoint Security Firewall 10.6.x
- Endpoint Security Threat Prevention 10.7.x
- Endpoint Security Threat Prevention 10.6.x
- Endpoint Security Web Control 10.7.x
- Endpoint Security Web Control 10.6.x
McAfee has released updates to close these vulnerabilities for the affected products.
- ENS for Windows 10.7.0
- ENS for Windows 10.6.1
For more details please refer to the McAfee security advisory. (via)
Cookies helps to fund this blog: Cookie settings