McAfee Vulnerable to Metasploit Attack

McAfee is aware of a publicly disclosed attack that could disable VirusScan Enterprise (VSE) running on a customer’s machine.  This attack is not a stand-alone attack, but acts as a payload to be chained via another attack.

Affected software:

  • VirusScan Enterprise 8.7 and earlier (Windows only)

If the attack is successful, it disables both VSE and the connection to ePO. It leaves the McAfee Shield visible, so it may not be immediately apparent that antivirus protection has been disabled. In addition to immediately disabling VSE, the attack changes VSE settings, resulting in diminished scanning capacity going forward.

McAfee has already developed a strategy that would prevent this from happening in the upcoming VSE 8.8 release. McAfee has also released a DAT file (6209) that detects the Metasploit plugin used to run this attack. It is recommended that users update their McAfee software to receive the latest DAT file.

Read the full McAfee bulletin.


About MIT
IT Security Awareness Consultant and Communications Specialist at MIT
