McAfee Labs

Should I Worry About AVGater, Which Exploits Some Security Products?

On November 10, a researcher reported the vulnerability AVGater, which affects some antimalware products. The vulnerability allows a user without administrative privileges to restore a quarantined file in a user’s defined location. After internal reviews and with confirmation from the author of the blog, McAfee believes no McAfee products are affected by the privilege escalation …

McAfee Labs

Don’t Substitute CVSS for Risk: Scoring System Inflates Importance of CVE-2017-3735

I am a wry observer of vulnerability announcements. CVE-2017-3735—which can allow a small buffer overread in an X.509 certificate—presents an excellent example of the limitations of the Common Vulnerability Scoring System (CVSS). This scoring system is the de facto security industry standard for calculating and exchanging information about the severity of vulnerabilities. The problem is …

Business, McAfee Labs

ROCA: Which Key-Pair Attacks Are Credible?

In the past two weeks, we have seen two big encryption issues arise: key reinstallation attacks, called KRACKs; and “Return of Coppersmith’s Attack,” called ROCA. Many CEOs, CIOs, and CISO/CSOs are asking, as they must, “Are we protected?” and “What’s our exposure?” Security architects are scurrying about to identify reasonable responses that can be presented …

Business, Cloud Security

McAfee Demos Ease of Exploiting Recent Apache Struts Vulnerability

This post was written by Brook Schoenfield and the Advanced Threat Research Team. A series of exploitable conditions have been uncovered in Apache Struts. One of these, CVE-2017-9805, allows unauthenticated execution of attacker code (aka remote code execution). This issue has already been weaponized into attack kits such as Metasploit and exploitation has been seen …

Business, Technical How To

Update: Technical McAfee Detail On DoubleAgent

Cedric Cochin teamed with Brook Schoenfield on this article. Updated March 29, 2017. McAfee has been investigating the impact of the so-called “DoubleAgent zero-day” technique of Windows debugging capabilities announced on 22 March 2017. This injection technique uses a Microsoft Windows debugging feature that requires administrative privileges. On-the-fly debugging is designed to be used …