McAfee Agent 4.8 Patch 3 (4.8.0.1938)

McAfee Agent 4.8 Patch 3 (4.8.0.1938)

DearBytesNieuwsProduct updatesMcAfee Agent 4.8 Patch 3 (4.8.0.1938)

woensdag 18 februari 2015

McAfee AgentIntel Security heeft Patch 3 uitgebracht voor McAfee Agent versie 4.8. Met deze patch worden twee kwetsbaarheden in de software opgelost. Om die reden is Patch 3 geclassificeerd als mandatory.

Kwetsbaarheden in McAfee Agent 4.8

Beide kwetsbaarheden bestaan in alle versies tot en met McAfee Agent 4.8 Patch 2. SB10094 bestaat ook in McAfee Agent 5.0.x, waarvoor een fix verwacht wordt in maart 2015.

Installatie McAfee Agent 4.8 Patch 3

Voor instructies ten behoeve van installatie van McAfee Agent 4.8 Patch 3 wordt verwezen naar de McAfee Agent 4.8 Product Guide. Deze product guide kan worden gedownload vanaf mcafee.com. Op dezelfde locatie is ook de software van McAfee Agent 4.8 Patch 3 zelf te vinden.

Indien u de hulp wenst in te schakelen van de McAfee specialisten van DearBytes, neem dan contact op met uw accountmanager.

Officiële aankondiging

Met de volgende tekst heeft Intel Security de release van McAfee Agent 4.8 Patch 3 aangekondigd.

McAfee Agent 4.8 Patch 3 Now Available

McAfee Agent 4.8 Patch 3 is now available. This is considered a mandatory release and includes new features, fixes, and enhancements including:

  • All fixes included in previous MA 4.8 releases
  • Mac OX 10.10 Support (replaces MA 4.8 P2 HF 972377)
  • Addresses multiple vulnerabilities including those described in the following Security Bulletins:
    – SB10094 – McAfee Agent update fixes http-generic-click-jacking vulnerability
    – SB10101 – McAfee Agent fixes vulnerability when Agents migrate from one ePO server to another
    – SB10100 – McAfee Security Bulletin – GHOST Vulnerability
  • Additional resolved issues as listed in the Release Notes

McAfee Agent 4.8 Patch 3 is available for Windows and non-Windows agents and includes a new extension.

To download McAfee Agent 4.8 Patch 3 go to the McAfee downloads site at: http://www.mcafee.com/us/downloads/downloads.aspx.

For a full list of changes, see the Release Notes in PD25667: https://kc.mcafee.com/corporate/index?page=content&id=PD25667.

For a list of known issues, see KB83733: https://kc.mcafee.com/corporate/index?page=content&id=KB83733.

Even later verscheen een tweede bericht, met een verwarrende titel, die een beschrijving gaf van de kwetsbaarheden. De titel is verwarrend omdat het refereert aan Patch 2. Het bericht gaat echter over de opgeloste kwetsbaarheden in Patch 3.

McAfee Agent 4.8 Patch 2 [Patch 3] resolves multiple security vulnerabilities (SB10094 and SB10101)

Multiple vulnerabilities have been discovered and resolved in McAfee Agent (MA) 4.8.

AFFECTED PRODUCT VERSIONS

  • MA 5.0.0 (SB10094)
  • MA 4.8.0 Patch 2 and earlier (SB10094 and SB10101)

PROTECTED VERSIONS
These product versions are NOT affected:

  • MA 5.0 (SB10101)
  • MA 4.8 Patch 3 (SB10094 and SB10101)

NOTE: MA 5.0.1, which will resolve the issue described in SB10094 for MA 5.0.x is expected by the end of March, 2015.

IMPACT
SB10094
MA functionality for viewing logs remotely on Windows is vulnerable to http-generic-click-jacking.

CAPEC-103 – Common Attack Pattern Enumeration and Classification – Clickjacking
CWE-693 – Protection Mechanism Failure

SB10101
A potentially vulnerable scenario has been identified by Intel Security when McAfee Agents migrate from one ePO server to another. This vulnerability exists whent the following conditions are met:

  • The security keys from the source ePO server are imported into the target ePO server.
  • The target ePO server assumes the same IP address/hostname as the source ePO server.

CWE-300 – Weakness Class Channel Accessible by Non-Endpoint (‘Man-in-the-Middle’)
CWE-818 – Insufficient Transport Layer Protection
OWASP 2013:A2 – Broken Authentication and Session Mgt

RECOMMENDATION
McAfee recommends that all customers verify that they have applied the latest updates. Impacted users should install the relevant patches or hotfixes. For full instructions and information, see the following McAfee KnowledgeBase articles