The Channel logo


By | Darren Pauli 7th March 2016 01:15

McAfee gaffe a quick AV kill for enterprising staff

Anti-virus engine easily disable.

Intel Security has fixed a flaw that made it possible to shut down its McAfee Enterprise virus engine, thereby allowing the installation of malware and pirated software.

The hotfix addresses an issue that Agazzini Maurizio, senior security advisor at Rome-based consultancy Mediaservice, first warned about 15 months ago. McAfee acknowledged the bypass in December 2014 and released the patch on 25 February 2016.

The flaw requires users or attackers first gain local administrator privileges, a level of access that many organisations lazily afford staff.

"McAfee VirusScan Enterprise has a feature to protect the scan engine from local Windows administrators [and] a management password is needed to disable it," Maurizio says.

"From our understanding this feature is implemented insecurely: the McAfee VirusScan Console checks the password and requests the engine to unlock the safe registry keys.

"No checks are done by the engine itself, so anyone can directly request the engine to stop without knowing the correct management password."

All versions are affected.

Attackers can either use Maurizio's tool or alter registry keys before opening the McAfee console and choosing 'no password'

Removing administrator rights from user accounts goes a long way to helping organisational security postures.

In May Manchester-based security firm Avecto reckoned 97 percent of critical Microsoft vulnerabilities released in 2014 would be mitigated by removing admin rights. ®

comment icon Read 33 comments on this article or post a comment alert Send corrections


Baby looks taken aback/shocked/affronted. Photo by Shutterstock

Kat Hall

Plans for 2 million FTTP connections in next four years 'not enough'
Microsoft CEO Satya Nadella

Chris Mellor

Thousands of layoffs announced as spinning rust enters its death spiral


STRASBOURG, JUNE 29, 2016: The seat of the European Parliament. by Marco Aprile for shutterstock. EDITORIAL USE ONLY
Plan b, image via Shutterstock
EU workers, new markets: post-Brexit pressure on May & Co
Tough question, pic via Shutterstock
Honest mistake with your licensing? Audit police look at it on a 'case by case basis'