McAfee Total Protection: Update fixes vulnerability CVE-2022-43751

Sicherheit (Pexels, allgemeine Nutzung)[German]McAfee Total Protection had a vulnerability (CVE-2022-43751) that allowed Windows privilege escalation. The cause was the use of the OpenSSL variable OPENSSLDIR. McAfee issued a security alert in late October 2022 pointing out the vulnerability, which has since been closed via update in McAfee Total Protection.


The topic passed me by a bit until I became aware of the following message from Will Dormann on Twitter.

McAfee Total Protection CVE-2022-43751

Dormann points out that the use of the OpenSSL variable OPENSSLDIR allowed a Windows privilege escalation. This error appeared again and again. McAfee published a security bulletin on October 31, 2022, regarding a vulnerability in the search path element. The vulnerability, CVE-2022-4375, could allow an attacker to gain access to the device running the vulnerable software or other connected devices.

McAfee Total Protection prior to version 16.0.49 is affected, with the vulnerability receiving a CVSSv3.1 score of 5.6. McAfee has promptly released an update to version 16.0.49 that closes this vulnerability. This update should have been automatically distributed to the affected target systems.

Cookies helps to fund this blog: Cookie settings

This entry was posted in Security, Update, Windows and tagged , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *