Explore the latest news and trends  

Sign up for our weekly security newsletter


Be the first to receive important updates on security





Send

Intel Fixes McAfee Virus which Enabled Attackers to Disable Antivirus Protection


As per Agazzini Maurizio, security researcher of Italy, working for a local IT security advisory firm namely Mediaservice, the antivirus of McAfee VirusScan Enerprise can be disabled with the help of simple steps permitting attackers to install malware on system of the user's.

McAfee Antivirus, currently maintained and owned by Intel Security, released update for their famous antivirus program which will help to counter their software bug that allow potential attackers to disable antivirus protection on PC of victim's. Enterprise users of the software are troubled by this bug from last year, which was installed into the system alongside a feature that made the Admins from unintentionally disabling the security software operation. By default, a password was used by the antivirus, which admin users of Windows must provide to disable the McAfee VirusScan protection engine.

Mr. Maurizio has found that the implementation of this feature was not appropriate, which allow the attackers to avoid administrator password. The password was checked by McAfee VirusScan Console, and then requests the engine to unlock the safe registry keys, as explained by Mr. Maurizio on the website of Mediaservice's. The engine itself does not check, therefore anybody can directly ask the engine to stop without knowledge of the correct password of management.

A tool which changes the needed registry keys automatically was even created by the researcher, enabling the attacker to disable the antivirus without using the password. Luckily the feature was discovered, even though Intel took fifteen months to fix the simple looking bug. Mobipicker.com posted on March 7th, 2016, stating that the potential damaging attack was avoided as a user can only take advantage of this fault, if they can gain administrator privileges of the machine that is administered by Windows and has been particularly strengthened with the Windows 8 introduction.

Once Intel got the bug report during November 2014, it focuses on other more critical issues, and finally a patch was published for this problem on 25th February, 2016, nearly after 15 months.

To address this problem, antivirus version SB10151 of McAfee VirusScan Enterprise has been released. All versions of McAfee VirusScan Enterprise before 8.8 without SB10151 installed have been affected.

ยป SPAMfighter News - 3/14/2016

3 simple steps to update drivers on your Windows PCSlow PC? Optimize your Slow PC with SLOW-PCfighter!Email Cluttered with Spam? Free Spam Filter!

Dear Reader

We are happy to see you are reading our IT Security News.

We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!

Go back to previous page
Next