A recent report has revealed a code execution vulnerability affecting McAfee antivirus editions. The security team at SafeBreach Labs concluded that CVE-2019-3648 can be used to bypass McAfee's defense mechanisms, which can lead to further breaches on a system that is already compromised. The vulnerability has two causes: the software fails to validate that the DLLs it loads are signed, and there is a path-related issue involving wbemprox.dll. As a result, arbitrary unsigned DLLs can be loaded into numerous services that run as NT AUTHORITY\SYSTEM. Attackers need administrator rights to exploit these flaws. There are most likely three major ways in which the flaws can be taken advantage of.
Undetected By The Protection Software
The bug allows an attacker to load and execute malicious payloads through numerous signed services that run in the context of the McAfee software. This also makes it possible to bypass whitelisting, and detection by the protection software could be rendered useless. The antivirus program might not detect the attacker's binary, because it is loaded without any check against it. The malicious code can be reloaded every time the service is launched, maintaining persistence on a compromised system. The vulnerability came to light via the HackerOne bounty platform: it became known on August 5, the vendor replied on August 21, and the validity of the issue was confirmed on September 3. On October 8, the antivirus company shared a reliable fix deployment in collaboration with SafeBreach Labs. This led to the reservation of CVE-2019-3648. It is reported that a fix is likely to come sometime soon.
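For defenders, the two conditions described above (wbemprox.dll resolved from an unexpected path, and unsigned DLLs loaded into SYSTEM services) can be hunted for in image-load telemetry. The following is an added example, not code from the report or from McAfee: the records are constructed, shaped like Sysmon Event ID 7 (ImageLoad) fields, and the `ExampleAV` paths and a Windows install on `C:` are assumptions.

```python
import ntpath

# Directories where Windows itself ships wbemprox.dll (assumes Windows on C:).
TRUSTED_DIRS = {r"c:\windows\system32\wbem", r"c:\windows\syswow64\wbem"}
WATCHED_DLL = "wbemprox.dll"
SYSTEM = r"NT AUTHORITY\SYSTEM"

# Constructed sample records using Sysmon Event ID 7 field names.
# "ExampleAV" and "ExampleDir" are placeholders, not real product paths.
SAMPLE_EVENTS = [
    {"Image": r"C:\Program Files\ExampleAV\avsvc.exe", "User": SYSTEM,
     "ImageLoaded": r"C:\Windows\System32\wbem\wbemprox.dll",
     "Signed": "true", "SignatureStatus": "Valid"},
    {"Image": r"C:\Program Files\ExampleAV\avsvc.exe", "User": SYSTEM,
     "ImageLoaded": r"C:\ExampleDir\wbemprox.dll",
     "Signed": "false", "SignatureStatus": "Unavailable"},
    {"Image": r"C:\Program Files\ExampleAV\avscan.exe", "User": SYSTEM,
     "ImageLoaded": r"C:\ExampleDir\helper.dll",
     "Signed": "false", "SignatureStatus": "Unavailable"},
    {"Image": r"C:\Tools\editor.exe", "User": r"WORKSTATION\alice",
     "ImageLoaded": r"C:\Tools\plugin.dll",
     "Signed": "false", "SignatureStatus": "Unavailable"},
]

def classify(event):
    """Return the reasons an image load is suspicious (empty list = clean)."""
    loaded = ntpath.normpath(event["ImageLoaded"]).lower()
    directory, name = ntpath.split(loaded)
    as_system = event.get("User", "").upper() == SYSTEM
    signed_ok = (event.get("Signed", "").lower() == "true"
                 and event.get("SignatureStatus") == "Valid")
    reasons = []
    if name == WATCHED_DLL and directory not in TRUSTED_DIRS:
        reasons.append("wbemprox.dll loaded from unexpected path")
    if as_system and not signed_ok:
        reasons.append("unsigned DLL loaded into SYSTEM process")
    return reasons

def triage(events):
    """Return (process, dll, reasons) for every event with at least one reason."""
    return [(e["Image"], e["ImageLoaded"], r)
            for e in events if (r := classify(e))]

if __name__ == "__main__":
    for image, dll, reasons in triage(SAMPLE_EVENTS):
        print(f"{image} <- {dll}: {'; '.join(reasons)}")
```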
Jhon Smith is a self-professed security expert; he has been making people aware of security threats. His passion is to write about cyber security, malware, social engineering, games, the internet and new media. He writes for McAfee products at www.mcafee.com/activate or mcafee.com/activate.