McAfee Security Bulletin - McAfee Application Control updates resolve unauthorized execution of binary vulnerability (CVE-2014-9920)
Last Modified: 5/11/2017
Summary
Who Should Read This Document: | Technical and Security Personnel |
Impact of Vulnerability: | MAC unauthorized execution |
CVE Number: | CVE-2014-9920 |
US CERT Number: | none |
Severity Rating: | Medium |
Base / Overall CVSS Score: | 4.1 / 3.4 |
Recommendations: | Update to: McAfee Application Control 6.0.0 build 9726 or later; McAfee Application Control 6.0.1 build 9068 or later; McAfee Application Control 6.1.0 build 692 or later; McAfee Application Control 6.1.1 build 399 or later; McAfee Application Control 6.1.2 build 426 or later; McAfee Application Control 6.1.3 build 357 or later |
Security Bulletin Replacement: | none |
Caveats: | none |
Affected Software: | McAfee Application Control 6.0.0 (RTW and all HFs earlier than 9726); McAfee Application Control 6.0.1 (RTW and all HFs earlier than 9068); McAfee Application Control 6.1.0 (RTW and all HFs earlier than 692); McAfee Application Control 6.1.1 (RTW and all HFs earlier than 399); McAfee Application Control 6.1.2 (RTW and all HFs earlier than 426); McAfee Application Control 6.1.3 (RTW and all HFs earlier than 357) |
Location of Updated Software: | http://www.mcafee.com/us/downloads/downloads.aspx |
Description
An unauthorized execution of binary vulnerability in McAfee (now Intel Security) McAfee Application Control (MAC) 6.0.0 before hotfix 9726, 6.0.1 before hotfix 9068, 6.1.0 before hotfix 692, 6.1.1 before hotfix 399, 6.1.2 before hotfix 426, and 6.1.3 before hotfix 357 allows attackers, under a specific set of circumstances, to create a malformed Windows binary that is considered non-executable and is therefore not protected by the whitelisting protection feature.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9920
Under a specific set of circumstances, a malformed Windows binary is considered by McAfee Application Control (MAC) as non-executable and is not protected through the MAC whitelisting protection feature. Consequently, Windows allows the unauthorized execution of the binary.
McAfee recommends that customers upgrade to any of the updated versions of MAC, as described in the Remediation section of this bulletin.
Remediation
Product | Type | Patch Version | File Name | Release Date |
MAC 6.0.0 | Hotfix | 6.0.0 Build 9726 | SOLIDCOR600-9726_WIN.zip | July 2, 2014 |
MAC 6.0.1 | Hotfix | 6.0.1 Build 9068 | SOLIDCOR601-9068_WIN.zip | July 2, 2014 |
MAC 6.1.0 | Hotfix | 6.1.0 Build 692 | SOLIDCOR610-692_WIN.zip | July 2, 2014 |
MAC 6.1.1 | Hotfix | 6.1.1 Build 399 | SOLIDCOR611-399_WIN.zip | July 2, 2014 |
MAC 6.1.2 | Hotfix | 6.1.2 Build 426 | SOLIDCOR612-426_WIN.zip | July 2, 2014 |
MAC 6.1.3 | Hotfix | 6.1.3 Build 357 | SOLIDCOR613-357_WIN.zip | July 2, 2014 |
- Launch Internet Explorer.
- Navigate to: http://www.mcafee.com/us/downloads
- Provide your valid McAfee grant number.
- Select the product from the available downloads.
- Download the product version as mentioned in the Remediation section.
Workaround
None
Support
Corporate Technical Support:
1-800-338-8754
http://www.mcafee.com/us/about/contact-us.aspx#ht=tab-techsupport
Frequently Asked Questions (FAQs)
McAfee Application Control
Affected Versions:
- McAfee Application Control 6.0.0 (RTW and all HFs earlier than 9726)
- McAfee Application Control 6.0.1 (RTW and all HFs earlier than 9068)
- McAfee Application Control 6.1.0 (RTW and all HFs earlier than 692)
- McAfee Application Control 6.1.1 (RTW and all HFs earlier than 399)
- McAfee Application Control 6.1.2 (RTW and all HFs earlier than 426)
- McAfee Application Control 6.1.3 (RTW and all HFs earlier than 357)
Update to:
- McAfee Application Control 6.0.0 build 9726 or later
- McAfee Application Control 6.0.1 build 9068 or later
- McAfee Application Control 6.1.0 build 692 or later
- McAfee Application Control 6.1.1 build 399 or later
- McAfee Application Control 6.1.2 build 426 or later
- McAfee Application Control 6.1.3 build 357 or later
Does this vulnerability affect McAfee enterprise products?
Yes, McAfee Application Control is an enterprise product.
How do I know if my product is vulnerable?
- Right click the McAfee tray shield icon on the Windows task bar.
- Select About.
- In the About box, see the product version under the McAfee Application Control section.
CVSS, or Common Vulnerability Scoring System, is the result of the National Infrastructure Advisory Council’s effort to standardize a system of assessing the criticality of a vulnerability. This system offers an unbiased criticality score that customers can use to judge how critical a vulnerability is and plan accordingly. For more information, please visit the CVSS website at: http://www.first.org/cvss/.
What are the CVSS scoring metrics that have been used?
Base Score | 4.1 |
Related exploit range (AccessVector) | Local |
Attack complexity (AccessComplexity) | Medium |
Level of authentication needed (Authentication) | Single Instance |
Confidentiality impact | Partial |
Integrity impact | Partial |
Availability impact | Partial |
Temporal Score | 3.4 |
Availability of exploit (Exploitability) | Functional exploit exists |
Type of fix available (RemediationLevel) | Official fix |
Level of verification that vulnerability exists (ReportConfidence) | Confirmed |
NOTE: CVSS version 2.0 was used to generate this score.
http://nvd.nist.gov/cvss.cfm?calculator&version=2
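The metric table above corresponds to the CVSS v2 vector AV:L/AC:M/Au:S/C:P/I:P/A:P with temporal metrics E:F/RL:OF/RC:C. The following is an added example, not part of the McAfee bulletin, that applies the published CVSS v2 equations to those values to show how the 4.1 base and 3.4 temporal scores arise; the function and constant names are illustrative.

```python
# Added example: CVSS v2 base and temporal equations applied to the
# metric values listed in this bulletin. Weights are the CVSS v2 constants.
ACCESS_VECTOR = {"L": 0.395, "A": 0.646, "N": 1.0}
ACCESS_COMPLEXITY = {"H": 0.35, "M": 0.61, "L": 0.71}
AUTHENTICATION = {"M": 0.45, "S": 0.56, "N": 0.704}
IMPACT = {"N": 0.0, "P": 0.275, "C": 0.660}
EXPLOITABILITY = {"U": 0.85, "POC": 0.90, "F": 0.95, "H": 1.0, "ND": 1.0}
REMEDIATION_LEVEL = {"OF": 0.87, "TF": 0.90, "W": 0.95, "U": 1.0, "ND": 1.0}
REPORT_CONFIDENCE = {"UC": 0.90, "UR": 0.95, "C": 1.0, "ND": 1.0}


def parse_vector(vector):
    """Split 'AV:L/AC:M/...' into a dict, rejecting malformed fields."""
    fields = {}
    for part in vector.split("/"):
        key, sep, value = part.partition(":")
        if not sep or not key or not value:
            raise ValueError(f"malformed metric: {part!r}")
        fields[key] = value
    return fields


def base_score(vector):
    """CVSS v2 base score, rounded to one decimal as the standard requires."""
    m = parse_vector(vector)
    impact = 10.41 * (
        1 - (1 - IMPACT[m["C"]]) * (1 - IMPACT[m["I"]]) * (1 - IMPACT[m["A"]])
    )
    exploitability = (
        20 * ACCESS_VECTOR[m["AV"]] * ACCESS_COMPLEXITY[m["AC"]] * AUTHENTICATION[m["Au"]]
    )
    f_impact = 0.0 if impact == 0 else 1.176
    return round((0.6 * impact + 0.4 * exploitability - 1.5) * f_impact, 1)


def temporal_score(base, vector):
    """CVSS v2 temporal score derived from an already rounded base score."""
    m = parse_vector(vector)
    factor = EXPLOITABILITY[m["E"]] * REMEDIATION_LEVEL[m["RL"]] * REPORT_CONFIDENCE[m["RC"]]
    return round(base * factor, 1)


# Vector strings transcribed from the bulletin's metric table.
BULLETIN_BASE = "AV:L/AC:M/Au:S/C:P/I:P/A:P"
BULLETIN_TEMPORAL = "E:F/RL:OF/RC:C"

if __name__ == "__main__":
    base = base_score(BULLETIN_BASE)
    print("base:", base, "temporal:", temporal_score(base, BULLETIN_TEMPORAL))
```

The official-fix remediation level (0.87) accounts for most of the drop from base to temporal score; the functional-exploit weight (0.95) accounts for the rest.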
What has McAfee done to resolve the issue?
McAfee has released hotfixes to address this security flaw in affected product versions.
Where do I download the fix?
The fix can be downloaded from: http://www.mcafee.com/us/downloads/downloads.aspx.
Users must provide a valid Grant Number to initiate the download.
McAfee's key priority is the security of our customers. In the event that a vulnerability is found within any of McAfee’s software, we work closely with the relevant security research group to ensure rapid and effective development of a fix and communication plan. McAfee is an active member of the Organization for Internet Safety (OIS), which is dedicated to developing guidelines and best practices for the reporting and fixing of software vulnerabilities.
Disclaimer
McAfee only publishes product vulnerability bulletins together with an actionable workaround, patch, or hotfix; otherwise we would simply be informing the hacker community that our products are a target, putting our customers at greater risk.