Overview
This vulnerability affects the McAfee Host Intrusion Prevention System (Host IPS) for Windows, a security product designed to protect systems from intrusions. The installer component of this software is vulnerable to DLL search order hijacking, which occurs when an application searches for external libraries in an insecure manner. When the installer runs, it may load DLLs from the current working directory or other locations before checking in secure system directories. An attacker with local access could exploit this by placing malicious DLLs in directories where the installer searches, leading to arbitrary code execution with the privileges of the user running the installer, potentially including administrative privileges.
Remediation
Organizations using McAfee Host Intrusion Prevention System (Host IPS) for Windows should:
- Update to version 8.0.0 Patch 15 Update or later, which addresses this vulnerability.
- If immediate patching is not possible, implement the following mitigations:
  - Restrict access to local file systems where the application is installed
  - Monitor for suspicious file creation activities in application directories
  - Ensure proper privilege management for users who can access the system
- Follow the guidance provided in McAfee Security Bulletin SB10320 for specific update instructions.
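The load pattern described in the Overview can also be watched for directly, alongside the file-creation monitoring listed above. The following is an added example, not code from McAfee or the advisory: it flags image-load records in which a process loads a DLL from its own user-writable directory. The record fields are modelled on Sysmon Event ID 7 (`Image`, `ImageLoaded`, `Signed`); the DLL name list, paths and sample events are constructed assumptions and do not describe which DLLs the Host IPS installer loads.

```python
import ntpath

# Assumption: roots that only administrators can write to on a default install.
PROTECTED_ROOTS = (r"c:\windows", r"c:\program files", r"c:\program files (x86)")
# Assumption: small illustrative sample of names that normally resolve from System32.
SYSTEM_DLL_NAMES = {"version.dll", "cryptsp.dll", "userenv.dll", "wtsapi32.dll"}

def is_protected(directory):
    d = ntpath.normcase(ntpath.normpath(directory))
    return any(d == r or d.startswith(r + "\\") for r in PROTECTED_ROOTS)

def flag_planted_dll_loads(events):
    """Return loads where a process took a DLL from its own, user-writable
    directory and the DLL is unsigned or shadows a system DLL name."""
    findings = []
    for ev in events:
        image_dir = ntpath.normcase(ntpath.dirname(ev["Image"]))
        dll_dir = ntpath.normcase(ntpath.dirname(ev["ImageLoaded"]))
        dll_name = ntpath.basename(ev["ImageLoaded"]).lower()
        if dll_dir != image_dir or is_protected(dll_dir):
            continue  # loaded from elsewhere, or from an admin-only location
        reasons = []
        if dll_name in SYSTEM_DLL_NAMES:
            reasons.append("shadows system DLL name")
        if ev.get("Signed", "false").lower() != "true":
            reasons.append("unsigned")
        if reasons:
            findings.append((ev["Image"], ev["ImageLoaded"], reasons))
    return findings

# Constructed sample events (not taken from a real host or from the advisory).
SAMPLE_EVENTS = [
    {"Image": r"C:\Users\alice\Downloads\setup.exe",
     "ImageLoaded": r"C:\Windows\System32\version.dll", "Signed": "true"},
    {"Image": r"C:\Users\alice\Downloads\setup.exe",
     "ImageLoaded": r"C:\Users\alice\Downloads\VERSION.dll", "Signed": "false"},
    {"Image": r"C:\Program Files\Vendor\app.exe",
     "ImageLoaded": r"C:\Program Files\Vendor\helper.dll", "Signed": "false"},
    {"Image": r"C:\Users\alice\Downloads\setup.exe",
     "ImageLoaded": r"C:\Users\alice\Downloads\setup_res.dll", "Signed": "true"},
]

if __name__ == "__main__":
    for image, dll, reasons in flag_planted_dll_loads(SAMPLE_EVENTS):
        print(f"{image} loaded {dll}: {', '.join(reasons)}")
```

Only the second sample event is flagged: the same installer loading the genuine copy from System32, an unsigned helper under Program Files, and a signed resource DLL beside the installer are all passed over.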
References
- McAfee Security Bulletin SB10320: https://kc.mcafee.com/corporate/index?page=content&id=SB10320
- CWE-426: Untrusted Search Path: https://cwe.mitre.org/data/definitions/426.html
- MITRE CVE-2020-7279: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7279
Industry Exposure
This section illustrates the prevalence of a specific Common Vulnerabilities and Exposures (CVE) across various industries based on customer reports. The ranking displays industries from the most to least affected by this particular vulnerability, offering valuable insight into where this CVE has been most frequently observed. This information can help organizations within these sectors prioritize their security efforts, understand their relative risk exposure compared to their peers, and focus remediation strategies where they are most needed. By understanding the industry-specific impact, organizations can make more informed decisions regarding patching, resource allocation, and overall risk management related to this CVE.
- Finance and Insurance
- Health Care & Social Assistance
- Public Administration
- Manufacturing
- Educational Services
- Arts, Entertainment & Recreation
- Transportation & Warehousing
- Accommodation & Food Services
- Administrative, Support, Waste Management & Remediation Services
- Agriculture, Forestry Fishing & Hunting
- Construction
- Information
- Management of Companies & Enterprises
- Mining
- Other Services (except Public Administration)
- Professional, Scientific, & Technical Services
- Real Estate Rental & Leasing
- Retail Trade
- Utilities
- Wholesale Trade