McAfee VirusScan Enterprise 8.7 and earlier Metasploit payload attack

McAfee SB10014 was first released in Jan-2011 (pre DAT file 6209), with the exploit being released 2010-Dec-25. The following is the latest update and recommendation:

❝McAfee is aware of a publicly disclosed attack that could disable VSE running on a customer’s machine. This attack is not a standalone attack, but acts as a payload to be chained via another attack. The attack was disclosed in a public tool.
If this attack is successful, it would result in disabling both VSE and the connection to ePO. It would leave the McAfee Shield visible, so it may not be immediately apparent that antivirus protection has been disabled. In addition to the immediate disabling of VSE, the attack changes settings for VSE, resulting in diminished capacity for scanning going forward.
McAfee is focused on finding a comprehensive solution to this attack in our current shipping versions. We have already developed a strategy that would prevent this from happening in the upcoming VSE 8.8 release, and are looking at how we can leverage this technology to prevent this in our current shipping products.❞

Affected software:
VirusScan Enterprise 8.7 and earlier (Windows only)

Install VSE 8.8 (or later) or apply Hotfix 643440

[1] McAfee Security Bulletin – VSE 8.7 and earlier Metasploit payload attack SB10014 (Updated: 2013-Jul-22) [McAfee]
