McAfee Security Bulletin - McAfee Application Control updates resolve unauthorized execution of binary vulnerability (CVE-2014-9920)
Security Bulletins ID:
SB10077
Last Modified: 5/11/2017
Last Modified: 5/11/2017
Summary
| Who Should Read This Document: | Technical and Security Personnel |
| Impact of Vulnerability: | MAC unauthorized execution |
| CVE Number: | CVE-2014-9920 |
| US CERT Number: | none |
| Severity Rating: | Medium |
| Base / Overall CVSS Score: | 4.1 / 3.4 |
| Recommendations: | Update to: McAfee Application Control 6.0.0 build 9726 or later McAfee Application Control 6.0.1 build 9068 or later McAfee Application Control 6.1.0 build 692 or later McAfee Application Control 6.1.1 build 399 or later McAfee Application Control 6.1.2 build 426 or later McAfee Application Control 6.1.3 build 357 or later |
| Security Bulletin Replacement: | none |
| Caveats: | none |
| Affected Software: | McAfee Application Control 6.0.0 (RTW and all HFs earlier than 9726) McAfee Application Control 6.0.1 (RTW and all HFs earlier than 9068) McAfee Application Control 6.1.0 (RTW and all HFs earlier than 692) McAfee Application Control 6.1.1 ( RTW and all HFs earlier than 399) McAfee Application Control 6.1.2 (RTW and all HFs earlier than 426) McAfee Application Control 6.1.3 (RTW and all HFs earlier than 357) |
| Location of Updated Software: | http://www.mcafee.com/us/downloads/downloads.aspx |
Description
CVE-2014-9920
Unauthorized execution of binary vulnerability in McAfee (now Intel Security) McAfee Application Control (MAC) 6.0.0 before hotfix 9726, 6.0.1 before hotfix 9068, 6.1.0 before hotfix 692, 6.1.1 before hotfix 399, 6.1.2 before hotfix 426, and 6.1.3 before hotfix 357 and earlier allows attackers to create a malformed Windows binary that is considered non-executable and is not protected through the whitelisting protection feature via a specific set of circumstances.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9920
Under a specific set of circumstances, a malformed Windows binary is considered by McAfee Application Control (MAC) as non-executable and is not protected through the MAC whitelisting protection feature. Consequently, Windows allows the unauthorized execution of the binary.
Unauthorized execution of binary vulnerability in McAfee (now Intel Security) McAfee Application Control (MAC) 6.0.0 before hotfix 9726, 6.0.1 before hotfix 9068, 6.1.0 before hotfix 692, 6.1.1 before hotfix 399, 6.1.2 before hotfix 426, and 6.1.3 before hotfix 357 and earlier allows attackers to create a malformed Windows binary that is considered non-executable and is not protected through the whitelisting protection feature via a specific set of circumstances.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9920
Under a specific set of circumstances, a malformed Windows binary is considered by McAfee Application Control (MAC) as non-executable and is not protected through the MAC whitelisting protection feature. Consequently, Windows allows the unauthorized execution of the binary.
McAfee recommends that customers upgrade to any of the updated versions of MAC, as described in the Remediation section of this bulletin.
Remediation
Apply the appropriate hotfix to the currently supported versions of MAC 6.0.0, 6.0.1, 6.1.0, 6.1.1, 6.1.2, and 6.1.3. These fixes are included with hotfix versions listed below:
| Product | Type | Patch Version | File Name | Release Date |
| MAC 6.0.0 | Hotfix | 6.0.0 Build 9726 | SOLIDCOR600-9726_WIN.zip | July 2, 2014 |
| MAC 6.0.1 | Hotfix | 6.0.1 Build 9068 | SOLIDCOR601-9068_WIN.zip | July 2, 2014 |
| MAC 6.1.0 | Hotfix | 6.1.0 Build 692 | SOLIDCOR610-692_WIN.zip | July 2, 2014 |
| MAC 6.1.1 | Hotfix | 6.1.1 Build 399 | SOLIDCOR611-399_WIN.zip | July 2, 2014 |
| MAC 6.1.2 | Hotfix | 6.1.2 Build 426 | SOLIDCOR612-426_WIN.zip | July 2, 2014 |
| MAC 6.1.3 | Hotfix | 6.1.3 Build 357 | SOLIDCOR613-357_WIN.zip | July 2, 2014 |
McAfee Application Control download Instructions:
- Launch Internet Explorer.
- Navigate to: http://www.mcafee.com/us/downloads
- Provide your valid McAfee grant number.
- Select the product from the available downloads
- Download the product version as mentioned in the Remediation section.
For instructions on how to download McAfee products, documentation, security updates, patches, or hotfixes, see: KB56057.
For instructions on how to install / upgrade, please review the Release Notes and the Installation Guide (which can be downloaded from the Documentation tab) following the same steps above.
Workaround
None
Support
Corporate Technical Support:
1-800-338-8754
http://www.mcafee.com/us/about/contact-us.aspx#ht=tab-techsupport
Frequently Asked Questions (FAQs)
What is affected by this security vulnerability?
McAfee Application Control
McAfee Application Control
Affected Versions:
- McAfee Application Control 6.0.0 (RTW and all HFs earlier than 9726)
- McAfee Application Control 6.0.1 (RTW and all HFs earlier than 9068)
- McAfee Application Control 6.1.0 (RTW and all HFs earlier than 692)
- McAfee Application Control 6.1.1 (RTW and all HFs earlier than 399)
- McAfee Application Control 6.1.2 (RTW and all HFs earlier than 426)
- McAfee Application Control 6.1.3 (RTW and all HFs earlier than 357)
Protected Versions:
- McAfee Application Control 6.0.0 build 9726 or later
- McAfee Application Control 6.0.1 build 9068 or later
- McAfee Application Control 6.1.0 build 692 or later
- McAfee Application Control 6.1.1 build 399 or later
- McAfee Application Control 6.1.2 build 426 or later
- McAfee Application Control 6.1.3 build 357 or later
McAfee recommends that all customers verify that they have applied the latest updates.
Does this vulnerability affect McAfee enterprise products?
Yes, McAfee Application Control is an enterprise product.
How do I know if my product is vulnerable?
- Right click the McAfee tray shield icon on the Windows task bar.
- Select About.
- In the About box, see the product version under the McAfee Application Control section.
What is CVSS?
CVSS, or Common Vulnerability Scoring System, is the result of the National Infrastructure Advisory Council’s effort to standardize a system of assessing the criticality of a vulnerability. This system offers an unbiased criticality score that customers can use to judge how critical a vulnerability is and plan accordingly. For more information, please visit the CVSS website at: http://www.first.org/cvss/.
CVSS, or Common Vulnerability Scoring System, is the result of the National Infrastructure Advisory Council’s effort to standardize a system of assessing the criticality of a vulnerability. This system offers an unbiased criticality score that customers can use to judge how critical a vulnerability is and plan accordingly. For more information, please visit the CVSS website at: http://www.first.org/cvss/.
What are the CVSS scoring metrics that have been used?
| Base Score | 4.1 |
| Related exploit range (AccessVector) | Local |
| Attack complexity (AccessComplexity) | Medium |
| Level of authentication needed (Authentication) | Single Instance |
| Confidentiality impact | Partial |
| Integrity impact | Partial |
| Availability impact | Partial |
| Temporal Score | 3.4 |
| Availability of exploit (Exploitability) | Functional exploit exists |
| Type of fix available (RemediationLevel) | Official fix |
| Level of verification that vulnerability exists (ReportConfidence) | Confirmed |
NOTE: CVSS version 2.0 was used to generate this score.
http://nvd.nist.gov/cvss.cfm?calculator&version=2
What has McAfee done to resolve the issue?
McAfee has released hotfixes to address this security flaw in affected product versions.
Where do I download the fix?
The fix can be downloaded from: http://www.mcafee.com/us/downloads/downloads.aspx.
Users must provide a valid Grant Number to initiate the download.
How does McAfee respond to this and any other security flaws?
McAfee's key priority is the security of our customers. In the event that a vulnerability is found within any of McAfee’s software, we work closely with the relevant security research group to ensure rapid and effective development of a fix and communication plan. McAfee is an active member of the Organization for Internet Safety (OIS), which is dedicated to developing guidelines and best practices for the reporting and fixing of software vulnerabilities.
McAfee's key priority is the security of our customers. In the event that a vulnerability is found within any of McAfee’s software, we work closely with the relevant security research group to ensure rapid and effective development of a fix and communication plan. McAfee is an active member of the Organization for Internet Safety (OIS), which is dedicated to developing guidelines and best practices for the reporting and fixing of software vulnerabilities.
Resources
To download new Beta software or to read about the latest Beta information, go to: http://www.mcafee.com/us/downloads/beta-programs/index.aspx
To submit Beta feedback on any McAfee product, email: mcafee_beta@mcafee.com
For contact information, go to: http://www.mcafee.com/uk/about/contact-us.aspx
For copyright, trademark attributions, and license information, go to: http://us.mcafee.com/root/aboutUs.asp?id=copyright
For patents protecting this product, see your product documentation.
To submit Beta feedback on any McAfee product, email: mcafee_beta@mcafee.com
For contact information, go to: http://www.mcafee.com/uk/about/contact-us.aspx
For copyright, trademark attributions, and license information, go to: http://us.mcafee.com/root/aboutUs.asp?id=copyright
For patents protecting this product, see your product documentation.
Disclaimer
McAfee’s key priority is the security of our customers. In the event that a vulnerability is found within any of McAfee’s software, we work closely with the relevant security research group to ensure rapid and effective development of a fix and communication plan. McAfee is an active member of the Organization for Internet Safety (OIS), which is dedicated to developing guidelines and best practices for the reporting and fixing of software vulnerabilities.
McAfee only publishes product vulnerability bulletins together with an actionable workaround, patch, or hotfix; otherwise we would simply be informing the hacker community that our products are a target, putting our customers at greater risk.
McAfee only publishes product vulnerability bulletins together with an actionable workaround, patch, or hotfix; otherwise we would simply be informing the hacker community that our products are a target, putting our customers at greater risk.
