A security vulnerability has been identified in the McAfee Endpoint Security service, a comprehensive security management solution developed to automatically identify and block threats, allowing threat actors to elevate their privileges on Windows systems. The vulnerability, code CVE-2021-31847, allows local threat actors to elevate privileges on affected McAfee Endpoint Security installations. However, in order for threat actors to exploit this vulnerability, they must first acquire the ability to execute low-privileged code on the target system. The vulnerability is present in the installer and is caused by incorrect permissions set on a resource used by the installer. Threat actors can exploit this vulnerability to escalate privileges and execute arbitrary code in the SYSTEM context.

Affected Systems

All systems with McAfee Agent installed on Windows.

Solution and CVE/CWE

The vulnerability, which is considered to be of high criticality, has been fixed with the updates published by McAfee. We recommend that users using vulnerable Endpoint Security versions apply the released updates immediately. Download Mcafee agent’s EXTENSION and Package from Mcafee’s website below. Upload it to the ePO server. Make the agent distribution, which is the new version 5.7.4. You can get detailed information from the link below.

https://kc.mcafee.com/corporate/index?page=content&id=SB10369

CVE/CWE: CVE-2021-31836, CVE-2021-31841, CVE-2021-31847