McAfee Security Bulletin - Network Data Loss Prevention update fixes eleven vulnerabilities (CVE-2017-3933, CVE-2017-3934, CVE-2017-3935, CVE-2017-3968, CVE-2017-4011, CVE-2017-4012, CVE-2017-4013, CVE-2017-4014, CVE-2017-4015, CVE-2017-4016, and CVE-2017-4017)
Security Bulletins ID:
SB10198
Last Modified: 11/5/2018
Last Modified: 11/5/2018
Summary
First Published: 5/16/2017
| Impact of Vulnerability: | View sensitive information Man in the middle attack MIME sniffing allows unexpected content display A crafted authentication cookie View session/cookie information View confidential information Obtain product information View, add, and remove users Inject arbitrary web script or HTML Exploit to find another hole View user information |
| CVE Numbers: | CVE-2017-3933 CVE-2017-3934 CVE-2017-3935 CVE-2017-3968 CVE-2017-4011 CVE-2017-4012 CVE-2017-4013 CVE-2017-4014 CVE-2017-4015 CVE-2017-4016 CVE-2017-4017 |
| Severity Rating: | CVE-2017-3933: Medium CVE-2017-3934: Medium CVE-2017-3935: Low CVE-2017-3968: Medium CVE-2017-4011: Medium CVE-2017-4012: Medium CVE-2017-4013: Medium CVE-2017-4014: High CVE-2017-4015: Medium CVE-2017-4016: Medium CVE-2017-4017: Medium |
| Base / Overall CVSS v3 Scores: | CVE-2017-3933: 4.0/3.4 CVE-2017-3934: 5.6/4.7 CVE-2017-3935: 3.1/2.6 CVE-2017-3968: 5.5/5.0 CVE-2017-4011: 6.3/5.6 CVE-2017-4012: 5.7/5.1 CVE-2017-4013: 5.3/4.8 CVE-2017-4014: 8.0/7.2 CVE-2017-4015: 6.4/5.5 CVE-2017-4016: 5.3/4.6 CVE-2017-4017: 5.3/4.8 |
| Recommendations: | Install or update to Network Data Loss Prevention (NDLP) Hotfix 1201697_47868 for NDLP 9.3.4.1.5. Applicable only for VM, 4400, and 5500 platforms |
| Security Bulletin Replacement: | None |
| Affected Software: | NDLP 9.3.x and earlier |
| Location of Updated Software: | http://www.mcafee.com/us/downloads/downloads.aspx |
To receive email notification when this article is updated, click Subscribe on the right side of the page. You must be logged on to subscribe.
Article contents:
Description
This update resolves eleven security vulnerabilities:
- CVE-2017-3933: Embedding Script (XSS) in HTTP Headers vulnerability in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote authenticated users to view confidential information via a cross site request forgery attack.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-3933
https://nvd.nist.gov/vuln/detail/CVE-2017-3933 - CVE-2017-3934: Missing HTTP Strict Transport Security state information vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows man-in-the-middle attackers to expose confidential data via read files on the webserver.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-3934
https://nvd.nist.gov/vuln/detail/CVE-2017-3934 - CVE-2017-3935: Network Data Loss Prevention is vulnerable to MIME type sniffing which allows older versions of Internet Explorer to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the intended content type.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-3935
https://nvd.nist.gov/vuln/detail/CVE-2017-3935 - CVE-2017-3968: Session fixation vulnerability in the web interface in McAfee Network Security Manager (NSM) before 8.2.7.42.2 and McAfee Network Data Loss Prevention (NDLP) before 9.3.4.1.5 allows remote attackers to disclose sensitive information or manipulate the database via a crafted authentication cookie.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-3968
https://nvd.nist.gov/vuln/detail/CVE-2017-3968 - CVE-2017-4011: Embedding Script (XSS) in HTTP Headers vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote attackers to get session/cookie information via modification of the HTTP request.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-4011
https://nvd.nist.gov/vuln/detail/CVE-2017-4011 - CVE-2017-4012: Privilege Escalation vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote authenticated users to view confidential information via modification of the HTTP request.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-4012
https://nvd.nist.gov/vuln/detail/CVE-2017-4012 - CVE-2017-4013: Banner Disclosure in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote attackers to obtain product information via HTTP response header.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-4013
https://nvd.nist.gov/vuln/detail/CVE-2017-4013 - CVE-2017-4014: Session Side jacking vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote authenticated users to view, add, and remove users via modification of the HTTP request.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-4014
https://nvd.nist.gov/vuln/detail/CVE-2017-4014 - CVE-2017-4015: Clickjacking vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote authenticated users to inject arbitrary web script or HTML via HTTP response header.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-4015
https://nvd.nist.gov/vuln/detail/CVE-2017-4015 - CVE-2017-4016: Web Server method disclosure in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote attackers to exploit and find another hole via the HTTP response header.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-4016
https://nvd.nist.gov/vuln/detail/CVE-2017-4016 - CVE-2017-4017: User Name Disclosure in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote attackers to view user information via the appliance web interface.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-4012
https://nvd.nist.gov/vuln/detail/CVE-2017-4017
- McAfee DLP Manager
- McAfee DLP Monitor
- McAfee DLP iPrevent
- McAfee DLP iDiscover
Remediation
These issues are resolved in NDLP Hotfix 1201697_47868 released on October 17, 2017 for VM, 4400, and 5500 platforms.
Apply NDLP Hotfix 1201697_47868 to NDLP 9.3.4.1.5.
Go to the Product Downloads site and download the applicable product hotfix file:
Apply NDLP Hotfix 1201697_47868 to NDLP 9.3.4.1.5.
Go to the Product Downloads site and download the applicable product hotfix file:
| Product | Type | Version | File Name | Release Date |
| NDLP | Hotfix | Hotfix 1201697_47868 | hotfix_1201697_47868_01.tar.gz | October 17, 2017 |
Download and Installation Instructions
See KB56057 for instructions on how to download McAfee products, documentation, security updates, patches, and hotfixes. Review the Release Notes and the Installation Guide, which you can download from the Documentation tab, for instructions on how to install these updates.
Workaround
Before upgrading to NDLP 9.3.4.1, McAfee strongly recommends that you configure system and network access controls to the below best practices:
- Change the default root password of the system to a strong, un-guessable password.
- Place the NDLP Management console only on a trusted network.
- Only give accounts on NDLP systems to personnel with a "need-to-know".
- Place network restrictions such that only NDLP Monitors can communicate with NDLP Managers.
- Only use a single network interface card (NIC) for inter-system communications.
- Present management functions only on a single NIC. Configure the management NIC to accept connections only from a trusted, restricted network.
Acknowledgements
| CVE | Acknowledgements |
| CVE-2017-3933 | State Bank Of India |
| CVE-2017-3934 | State Bank Of India |
| CVE-2017-3935 | State Bank Of India |
| CVE-2017-3968 | State Bank Of India |
| CVE-2017-4011 | David Valles from Deloitte Touche Tohmatsu Services, India LLP |
| CVE-2017-4013 | David Valles from Deloitte Touche Tohmatsu Services, India LLP |
| CVE-2017-4012 | Hari Krishna M from Deloitte Touche Tohmatsu Services, India LLP |
| CVE-2017-4014 | Hari Krishna M from Deloitte Touche Tohmatsu Services, India LLP |
| CVE-2017-4015 | Pramod Potharaju from Deloitte Touche Tohmatsu Services, India LLP |
| CVE-2017-4016 | None |
| CVE-2017-4017 | Hrishikesh Samant from Deloitte Touche Tohmatsu Services, India LLP |
Frequently Asked Questions (FAQs)
How do I know whether my McAfee product is vulnerable or not?
For Endpoint products:
Use the following instructions for endpoint or client based products:
Use the following instructions for Appliance based products:What is CVSS?
CVSS, or Common Vulnerability Scoring System, is the result of the National Infrastructure Advisory Council’s effort to standardize a system of assessing the criticality of a vulnerability. This system offers an unbiased criticality score between 0 and 10 that customers can use to judge how critical a vulnerability is and plan accordingly. For more information, please visit the CVSS website at: http://www.first.org/cvss/.
When calculating CVSS scores, McAfee has adopted a philosophy that fosters consistency and repeatability. Our guiding principle for CVSS scoring is to score the exploit under consideration by itself. We consider only the immediate and direct impact of the exploit under consideration. We do not factor into a score any potential follow-on exploits that might be made possible by successful exploitation of the issue being scored
What are the CVSS scoring metrics that have been used?
CVE-2017-3933: Reflected XSS Attack
NOTE: The below CVSS version 3.0 vector was used to generate this score.
https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:R
CVE-2017-3934: HSTS Header missing
NOTE: The below CVSS version 3.0 vector was used to generate this score.
https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:R
CVE-2017-3936: MIME Type Sniffing
NOTE: The below CVSS version 3.0 vector was used to generate this score.
https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:R
CVE-2017-3968: Session Fixation
NOTE: The below CVSS version 3.0 vector was used to generate this score.
https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H/E:P/RL:O/RC:C
CVE-2017-4011: Cross Site Scripting
NOTE: The below CVSS version 3.0 vector was used to generate this score.
https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:L/E:F/RL:O/RC:R
CVE-2017-4012: Privilege Escalation
NOTE: The below CVSS version 3.0 vector was used to generate this score.
https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
CVE-2017-4013: Banner Disclosure
NOTE: The below CVSS version 3.0 vector was used to generate this score.
https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
CVE-2017-4014: Session Hijacking
NOTE: The below CVSS version 3.0 vector was used to generate this score.
https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CVE-2017-4015: HTTP Header Not Set (X-frame-options field not set to Same-origin)
NOTE: The below CVSS version 3.0 vector was used to generate this score.
https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R
CVE-2017-4016: Access-Control-Allow-Methods (OPTIONS method allowed)
NOTE: The below CVSS version 3.0 vector was used to generate this score.
https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:R
CVE-2017-4017: Auto complete off is not set
NOTE: The below CVSS version 3.0 vector was used to generate this score.
https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
Where can I find a list of all security bulletins or how do I report a product vulnerability?
To find a list of all security bulletins, or if you have information about a security issue or vulnerability with a McAfee product, please visit our product security website at: http://www.mcafee.com/us/threat-center/product-security-bulletins.aspx.
For Endpoint products:
Use the following instructions for endpoint or client based products:
- Right-click on the McAfee tray shield icon on the Windows task bar.
- Select Open Console.
- In the console, select Action Menu.
- In the Action Menu, select Product Details. The product version is displayed.
Use the following instructions for Appliance based products:
- Open the Administrator's User Interface (UI).
- Click the About link. The product version is displayed.
CVSS, or Common Vulnerability Scoring System, is the result of the National Infrastructure Advisory Council’s effort to standardize a system of assessing the criticality of a vulnerability. This system offers an unbiased criticality score between 0 and 10 that customers can use to judge how critical a vulnerability is and plan accordingly. For more information, please visit the CVSS website at: http://www.first.org/cvss/.
When calculating CVSS scores, McAfee has adopted a philosophy that fosters consistency and repeatability. Our guiding principle for CVSS scoring is to score the exploit under consideration by itself. We consider only the immediate and direct impact of the exploit under consideration. We do not factor into a score any potential follow-on exploits that might be made possible by successful exploitation of the issue being scored
| Base Score | 4.0 |
| Attack Vector (AV) | Network (N) |
| Attack Complexity (AC) | High (H) |
| Privileges Required (PR) | High (H) |
| User Interaction (UI) | Required (R) |
| Scope (S) | Changed (C) |
| Confidentiality (C) | Low (L) |
| Integrity (I) | Low (L) |
| Availability (A) | None (N) |
| Temporal Score (Overall) | 3.4 |
| Exploitability (E) | Unproven (U) |
| Remediation Level (RL) | Official Fix (O) |
| Report Confidence (RC) | Reasonable (R) |
NOTE: The below CVSS version 3.0 vector was used to generate this score.
https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:R
CVE-2017-3934: HSTS Header missing
| Base Score | 5.6 |
| Attack Vector (AV) | Network (N) |
| Attack Complexity (AC) | High (H) |
| Privileges Required (PR) | None (N) |
| User Interaction (UI) | None (N) |
| Scope (S) | Unchanged (U) |
| Confidentiality (C) | Low (L) |
| Integrity (I) | Low (L) |
| Availability (A) | Low (L) |
| Temporal Score (Overall) | 4.7 |
| Exploitability (E) | Unproven (U) |
| Remediation Level (RL) | Official Fix (O) |
| Report Confidence (RC) | Reasonable (R) |
NOTE: The below CVSS version 3.0 vector was used to generate this score.
https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:R
CVE-2017-3936: MIME Type Sniffing
| Base Score | 3.1 |
| Attack Vector (AV) | Network (N) |
| Attack Complexity (AC) | High (H) |
| Privileges Required (PR) | High (H) |
| User Interaction (UI) | Required (R) |
| Scope (S) | Unchanged (U) |
| Confidentiality (C) | Low (L) |
| Integrity (I) | Low (L) |
| Availability (A) | None (N) |
| Temporal Score (Overall) | 2.6 |
| Exploitability (E) | Unproven (U) |
| Remediation Level (RL) | Official Fix (O) |
| Report Confidence (RC) | Reasonable (R) |
NOTE: The below CVSS version 3.0 vector was used to generate this score.
https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:R
CVE-2017-3968: Session Fixation
| Base Score | 5.5 |
| Attack Vector (AV) | Network (N) |
| Attack Complexity (AC) | Low (L) |
| Privileges Required (PR) | High (H) |
| User Interaction (UI) | None (N) |
| Scope (S) | Unchanged (U) |
| Confidentiality (C) | Low (L) |
| Integrity (I) | None (N) |
| Availability (A) | High (H) |
| Temporal Score (Overall) | 5.0 |
| Exploitability (E) | Proof of Concept (P) |
| Remediation Level (RL) | Official Fix (O) |
| Report Confidence (RC) | Confirmed (C) |
NOTE: The below CVSS version 3.0 vector was used to generate this score.
https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H/E:P/RL:O/RC:C
CVE-2017-4011: Cross Site Scripting
| Base Score | 6.3 |
| Attack Vector (AV) | Network (N) |
| Attack Complexity (AC) | Low (L) |
| Privileges Required (PR) | Low (L) |
| User Interaction (UI) | Required (R) |
| Scope (S) | Unchanged (U) |
| Confidentiality (C) | High (H) |
| Integrity (I) | None (N) |
| Availability (A) | Low (L) |
| Temporal Score (Overall) | 5.6 |
| Exploitability (E) | Functional (F) |
| Remediation Level (RL) | Official Fix (O) |
| Report Confidence (RC) | Reasonable (R) |
NOTE: The below CVSS version 3.0 vector was used to generate this score.
https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:L/E:F/RL:O/RC:R
CVE-2017-4012: Privilege Escalation
| Base Score | 5.7 |
| Attack Vector (AV) | Network (N) |
| Attack Complexity (AC) | Low (L) |
| Privileges Required (PR) | Low (L) |
| User Interaction (UI) | Required (R) |
| Scope (S) | Unchanged (U) |
| Confidentiality (C) | High (H) |
| Integrity (I) | None (N) |
| Availability (A) | None (N) |
| Temporal Score (Overall) | 5.1 |
| Exploitability (E) | Proof of Concept (P) |
| Remediation Level (RL) | Official Fix (O) |
| Report Confidence (RC) | Confirmed (R) |
NOTE: The below CVSS version 3.0 vector was used to generate this score.
https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
CVE-2017-4013: Banner Disclosure
| Base Score | 5.3 |
| Attack Vector (AV) | Network (N) |
| Attack Complexity (AC) | Low (L) |
| Privileges Required (PR) | None (N) |
| User Interaction (UI) | None (R) |
| Scope (S) | Unchanged (U) |
| Confidentiality (C) | Low (L) |
| Integrity (I) | None (N) |
| Availability (A) | None (N) |
| Temporal Score (Overall) | 4.8 |
| Exploitability (E) | Proof of Concept (P) |
| Remediation Level (RL) | Official Fix (O) |
| Report Confidence (RC) | Confirmed (R) |
NOTE: The below CVSS version 3.0 vector was used to generate this score.
https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
CVE-2017-4014: Session Hijacking
| Base Score | 8.0 |
| Attack Vector (AV) | Network (N) |
| Attack Complexity (AC) | Low (L) |
| Privileges Required (PR) | Low (L) |
| User Interaction (UI) | Required (R) |
| Scope (S) | Unchanged (U) |
| Confidentiality (C) | High (H) |
| Integrity (I) | High (H) |
| Availability (A) | High (H) |
| Temporal Score (Overall) | 7.2 |
| Exploitability (E) | Proof of Concept (P) |
| Remediation Level (RL) | Official Fix (O) |
| Report Confidence (RC) | Confirmed (R) |
NOTE: The below CVSS version 3.0 vector was used to generate this score.
https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CVE-2017-4015: HTTP Header Not Set (X-frame-options field not set to Same-origin)
| Base Score | 6.4 |
| Attack Vector (AV) | Network (N) |
| Attack Complexity (AC) | High (H) |
| Privileges Required (PR) | High (H) |
| User Interaction (UI) | Required (R) |
| Scope (S) | Unchanged (U) |
| Confidentiality (C) | High (H) |
| Integrity (I) | High (H) |
| Availability (A) | High (H) |
| Temporal Score (Overall) | 5.5 |
| Exploitability (E) | Proof of Concept (P) |
| Remediation Level (RL) | Official Fix (O) |
| Report Confidence (RC) | Reasonable (R) |
NOTE: The below CVSS version 3.0 vector was used to generate this score.
https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R
CVE-2017-4016: Access-Control-Allow-Methods (OPTIONS method allowed)
| Base Score | 5.3 |
| Attack Vector (AV) | Network (N) |
| Attack Complexity (AC) | Low (L) |
| Privileges Required (PR) | None (N) |
| User Interaction (UI) | None (N) |
| Scope (S) | Unchanged (U) |
| Confidentiality (C) | Low (L) |
| Integrity (I) | None (N) |
| Availability (A) | None (N) |
| Temporal Score (Overall) | 4.6 |
| Exploitability (E) | Proof of Concept (P) |
| Remediation Level (RL) | Official Fix (O) |
| Report Confidence (RC) | Reasonable (R) |
NOTE: The below CVSS version 3.0 vector was used to generate this score.
https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:R
CVE-2017-4017: Auto complete off is not set
| Base Score | 5.3 |
| Attack Vector (AV) | Network (N) |
| Attack Complexity (AC) | Low (L) |
| Privileges Required (PR) | None (N) |
| User Interaction (UI) | None (N) |
| Scope (S) | Unchanged (U) |
| Confidentiality (C) | Low (L) |
| Integrity (I) | None (N) |
| Availability (A) | None (N) |
| Temporal Score (Overall) | 4.8 |
| Exploitability (E) | Proof of Concept (P) |
| Remediation Level (RL) | Official Fix (O) |
| Report Confidence (RC) | Confirmed (C) |
NOTE: The below CVSS version 3.0 vector was used to generate this score.
https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
Where can I find a list of all security bulletins or how do I report a product vulnerability?
To find a list of all security bulletins, or if you have information about a security issue or vulnerability with a McAfee product, please visit our product security website at: http://www.mcafee.com/us/threat-center/product-security-bulletins.aspx.
Resources
To contact Technical Support, log on to the ServicePortal and go to the Create a Service Request page at https://support.mcafee.com/ServicePortal/faces/serviceRequests/createSR:
- If you are a registered user, type your User Id and Password, and then click Log In.
- If you are not a registered user, click Register and complete the required fields. Your password and logon instructions will be emailed to you.
Disclaimer
The information provided in this security bulletin is provided as is without warranty of any kind. McAfee disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall McAfee or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits, or special damages, even if McAfee or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
Any future product release dates mentioned in this security bulletin are intended to outline our general product direction and they should not be relied on in making a purchasing decision. The product release dates are for information purposes only, and may not be incorporated into any contract. The product release dates are not a commitment, promise, or legal obligation to deliver any material, code, or functionality. The development, release, and timing of any features or functionality described for our products remains at our sole discretion and may be changed or cancelled at any time.
