{"id":16883,"date":"2020-11-25T17:06:12","date_gmt":"2020-11-25T16:06:12","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=16883"},"modified":"2023-03-23T19:21:45","modified_gmt":"2023-03-23T18:21:45","slug":"windows-schwachstellen-in-mcafee-endpoint-security-nov-2020","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2020\/11\/25\/windows-schwachstellen-in-mcafee-endpoint-security-nov-2020\/","title":{"rendered":"Windows: Vulnerabilities in McAfee Endpoint Security (Nov. 2020)"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" style=\"float: left; margin: 0px 10px 0px 0px; display: inline\" src=\"https:\/\/www.borncity.com\/blog\/wp-content\/uploads\/2015\/01\/Schutz.jpg\" width=\"40\" align=\"left\" height=\"47\">[<a href=\"https:\/\/www.borncity.com\/blog\/2020\/11\/25\/windows-schwachstellen-in-mcafee-endpoint-security-nov-2020\/\" target=\"_blank\" rel=\"noopener noreferrer\">German<\/a>]Users of McAfee Endpoint Security should update the product. Because vulnerabilities weakens Windows security. Here is some information.<\/p>\n<p><!--more--><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" alt=\"\" src=\"https:\/\/vg07.met.vgwort.de\/na\/0011d58fe4214a45b32dc10de056a45a\" width=\"1\" height=\"1\">McAfee Endpoint Security is <a href=\"https:\/\/web.archive.org\/web\/20211009234916\/https:\/\/www.mcafee.com\/enterprise\/en-us\/assets\/data-sheets\/ds-endpoint-security.pdf\" target=\"_blank\" rel=\"noopener noreferrer\">a security solution for organizations<\/a> that want to protect endpoints. The product provides machine learning, credential theft prevention, and rollback remediation to complement the basic security capabilities of Windows desktop and server systems. In a <a href=\"https:\/\/web.archive.org\/web\/20211206100350\/https:\/\/kc.mcafee.com\/corporate\/index?page=content&amp;id=SB10335\" target=\"_blank\" rel=\"noopener noreferrer\">security advisory<\/a> dated November 10, 2020, McAfee now warns of three vulnerabilities (CVE-2020-7331 , CVE-2020-7332 and CVE-2020-7333) included in older product versions that compromise Windows security.<\/p>\n<p><a href=\"https:\/\/web.archive.org\/web\/20211206100350\/https:\/\/kc.mcafee.com\/corporate\/index?page=content&amp;id=SB10335\" target=\"_blank\" rel=\"noopener noreferrer\"><img decoding=\"async\" title=\"Schwachstellen in McAfee Endpoint Security\" alt=\"Schwachstellen in McAfee Endpoint Security\" src=\"https:\/\/i.imgur.com\/0SfF0Lq.png\"><\/a><br \/>(Vulnerabilities in McAfee Endpoint Security, Source: <a href=\"https:\/\/web.archive.org\/web\/20211206100350\/https:\/\/kc.mcafee.com\/corporate\/index?page=content&amp;id=SB10335\" target=\"_blank\" rel=\"noopener noreferrer\">McAfee<\/a>)<\/p>\n<ul>\n<li><strong>CVE-2020-7331: <\/strong>Unquoted service executable path in McAfee Endpoint Security (ENS) prior to 10.7.0 November 2020 Update allows local users to cause a denial of service and malicious file execution via carefully crafted and named executable files.\n<li><strong>CVE-2020-7332: <\/strong>Cross Site Request Forgery vulnerability in the firewall ePO extension of McAfee Endpoint Security (ENS) prior to 10.7.0 November 2020 Update allows an attacker to execute arbitrary HTML code due to incorrect security configuration.\n<li><strong>CVE-2020-7333_ <\/strong>Cross site scripting vulnerability in the firewall ePO extension of McAfee Endpoint Security (ENS) prior to 10.7.0 November 2020 Update allows administrators to inject arbitrary web script or HTML via the configuration wizard.<\/li>\n<\/ul>\n<p>Products affected by these vulnerabilities:<\/p>\n<ul>\n<li><a href=\"https:\/\/web.archive.org\/web\/20210923033209\/https:\/\/support.mcafee.com\/webcenter\/portal\/supportportal\/pages_knowledgecenter?p=Endpoint+Security+Firewall&amp;v=10.7.x&amp;lang=en_US&amp;facets=Security%20Bulletins%40INQUIRA_TYPE&amp;s=true&amp;sm=true&amp;tab=SCtdl&amp;sb=mostRelevant&amp;sbv=relevance\" target=\"_blank\" rel=\"noopener noreferrer\">Endpoint Security Firewall 10.7.x<\/a>\n<li><a href=\"https:\/\/web.archive.org\/web\/20210923033314\/https:\/\/support.mcafee.com\/webcenter\/portal\/supportportal\/pages_knowledgecenter?p=Endpoint+Security+Firewall&amp;v=10.6.x&amp;lang=en_US&amp;facets=Security%20Bulletins%40INQUIRA_TYPE&amp;s=true&amp;sm=true&amp;tab=SCtdl&amp;sb=mostRelevant&amp;sbv=relevance\" target=\"_blank\" rel=\"noopener noreferrer\">Endpoint Security Firewall 10.6.x<\/a>\n<li><a href=\"https:\/\/web.archive.org\/web\/20210923034805\/https:\/\/support.mcafee.com\/webcenter\/portal\/supportportal\/pages_knowledgecenter?p=Endpoint+Security+Threat+Prevention&amp;v=10.7.x&amp;lang=en_US&amp;facets=Security%20Bulletins%40INQUIRA_TYPE&amp;s=true&amp;sm=true&amp;tab=SCtdl&amp;sb=mostRelevant&amp;sbv=relevance\" target=\"_blank\" rel=\"noopener noreferrer\">Endpoint Security Threat Prevention 10.7.x<\/a>\n<li><a href=\"https:\/\/web.archive.org\/web\/20210923033715\/https:\/\/support.mcafee.com\/webcenter\/portal\/supportportal\/pages_knowledgecenter?p=Endpoint+Security+Threat+Prevention&amp;v=10.6.x&amp;lang=en_US&amp;facets=Security%20Bulletins%40INQUIRA_TYPE&amp;s=true&amp;sm=true&amp;tab=SCtdl&amp;sb=mostRelevant&amp;sbv=relevance\" target=\"_blank\" rel=\"noopener noreferrer\">Endpoint Security Threat Prevention 10.6.x<\/a>\n<li><a href=\"https:\/\/web.archive.org\/web\/20210923033247\/https:\/\/support.mcafee.com\/webcenter\/portal\/supportportal\/pages_knowledgecenter?p=Endpoint+Security+Web+Control&amp;v=10.7.x&amp;lang=en_US&amp;facets=Security%20Bulletins%40INQUIRA_TYPE&amp;s=true&amp;sm=true&amp;tab=SCtdl&amp;sb=mostRelevant&amp;sbv=relevance\" target=\"_blank\" rel=\"noopener noreferrer\">Endpoint Security Web Control 10.7.x<\/a>\n<li><a href=\"https:\/\/web.archive.org\/web\/20210923033730\/https:\/\/support.mcafee.com\/webcenter\/portal\/supportportal\/pages_knowledgecenter?p=Endpoint+Security+Web+Control&amp;v=10.6.x&amp;lang=en_US&amp;facets=Security%20Bulletins%40INQUIRA_TYPE&amp;s=true&amp;sm=true&amp;tab=SCtdl&amp;sb=mostRelevant&amp;sbv=relevance\" target=\"_blank\" rel=\"noopener noreferrer\">Endpoint Security Web Control 10.6.x<\/a><\/li>\n<\/ul>\n<p>McAfee has released updates to close these vulnerabilities for the affected products. <\/p>\n<ul>\n<li>ENS for Windows 10.7.0\n<li>ENS for Windows 10.6.1<\/li>\n<\/ul>\n<p>For more details please refer to the McAfee security advisory. (<a href=\"https:\/\/www.heise.de\/news\/Sicherheitsluecken-in-McAfee-Endpoint-Security-machen-Windows-angreifbar-4970655.html\" target=\"_blank\" rel=\"noopener noreferrer\">via<\/a>)<\/p>\n","protected":false},"excerpt":{"rendered":"<p>[German]Users of McAfee Endpoint Security should update the product. Because vulnerabilities weakens Windows security. Here is some information.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[580,1547,2],"tags":[646,69,194],"class_list":["post-16883","post","type-post","status-publish","format-standard","hentry","category-security","category-software","category-windows","tag-antivirus","tag-security","tag-windows"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/16883","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=16883"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/16883\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=16883"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=16883"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=16883"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}