• About us
  • Disclaimer
  • Privacy Policy
Wednesday, May 18, 2022
  • Login
  • Register
W-SE (Web - SEcurity)
  • Tech today
  • Security
    • Vulnerabilities
    • Malware
    • Android
    • Top list
  • Cyber Attacks
  • How To?
    • All
    • gaming
    • Smart phone
    • smart tv
    • software
    Ideal Internet Speed for Online Gaming

    Ideal Internet Speed for Online Gaming

    Cybersecurity Tips to Protect Your Mac

    Nighthawk Mr5100 Bridge Mode

    What are Data Centers, and Why Are They Important

    What are Data Centers, and Why Are They Important?

    Blanket

    The Main Reasons Why Every Home Needs at Least One Faux Fur Throw

    How to Find a Powerful Laptop

    How to Find a Powerful Laptop?

    how to connect second monitor to laptop windows 10

    Is 300 Mbps Good For Gaming

    Trending Tags

    • Security
    • Web Security
    • cyber-security
    • Enhanced Security
    • Data Security
    • Security Bugs
    • Network Security
    • Cybersecurity
    • Security Updates
    • Mobile Security
    • Microsoft Security Updates
    • Data security and compliance
  • Contact
  • About us
    • Disclaimer
  • Write For Us
No Result
View All Result
  • Tech today
  • Security
    • Vulnerabilities
    • Malware
    • Android
    • Top list
  • Cyber Attacks
  • How To?
    • All
    • gaming
    • Smart phone
    • smart tv
    • software
    Ideal Internet Speed for Online Gaming

    Ideal Internet Speed for Online Gaming

    Cybersecurity Tips to Protect Your Mac

    Nighthawk Mr5100 Bridge Mode

    What are Data Centers, and Why Are They Important

    What are Data Centers, and Why Are They Important?

    Blanket

    The Main Reasons Why Every Home Needs at Least One Faux Fur Throw

    How to Find a Powerful Laptop

    How to Find a Powerful Laptop?

    how to connect second monitor to laptop windows 10

    Is 300 Mbps Good For Gaming

    Trending Tags

    • Security
    • Web Security
    • cyber-security
    • Enhanced Security
    • Data Security
    • Security Bugs
    • Network Security
    • Cybersecurity
    • Security Updates
    • Mobile Security
    • Microsoft Security Updates
    • Data security and compliance
  • Contact
  • About us
    • Disclaimer
  • Write For Us
No Result
View All Result
W-SE (Web - SEcurity)
No Result
View All Result
Home Security

McAfee Antivirus Software Vulnerability Allows DLL Hijacking

Melina Richardson by Melina Richardson
in Security, Vulnerabilities
A A

An attacker can circumvent self-defense mechanisms and persistence through a loophole in McAfee’s antivirus software, security researchers from SafeBreach have discovered.

The security flaw could be exploited by loading unsigned DLLs into multiple services operating under NT AUTHORITYSYSTEM. However, operations require admin privileges to the attacker.

Many components of antivirus solutions run as a “NT AUTHORITY\ SYSTEM” Windows service, which means they have strong system permissions, explains SafeBreach.

Get into the Cyber Security Career now!

The processes affected, as discovered by security researchers, try to load a file from the C:\Windows\System32\wbem\wbemcomn.dll path. However, it can not be found because the DLL is located in the System32 folder.

However, the attacker could use this mechanism to load a malicious DLL by placing your file in the wbem folder under the name wbemcomn.dll.

An unprotected library packed with McAfee code would circumvent the anti-virus defense mechanism, which prohibits users and even managers from writing to their files.

Another issue that allows bypass is that the antivirus does not validate the DLL file for the digital signature.

“The vulnerability allows attackers to persistently load and run malicious payloads whenever the services are loaded. It ensures that when the attacker drops a malicious DLL, any time the services restart, the services load the malicious code, “says SafeBreach.

Tracked as CVE-2019-3648, McAfee Anti-Virus Plus (AVP) and McAfee Web Safety (MIS) are affected by vulnerability.

Learn Cyber Security Career Guide here!

McAfee has already updated and has already learnt of the security bug in August and says he is not aware of the risk of attacks.

“Before this update, MTP, AVP and MIS did not check that the correct digital signatures of these third party files were loaded from the appropriate location. This might allow an attacker with administrative privileges to place malicious programs in certain places and load and run the MTP, AVP and MIS programs, “McAfee states in a advisory.

A few weeks ago, SafeBreach discovered that Avast, AVG, and Avira antivirus products have also been affected by DLL hijacking vulnerabilities similarly exploitable by attackers with administrative privileges.

Tags: DLL HijackingMcAfee Antivirus
ShareTweetShare
Previous Post

How to Open Android Phone Exe Files

Next Post

Google Search Queries and GOOGLE DORKS LIST 4500 +

Melina Richardson

Melina Richardson

Melina Richardson is a Cyber Security Enthusiast, Security Blogger, Technical Editor, Certified Ethical Hacker, Author at Cybers Guards & w-se. Previously, he worked as a security news reporter.

Next Post
GOOGLE DORKS LIST

Google Search Queries and GOOGLE DORKS LIST 4500 +

Please login to join discussion
  • Trending
  • Comments
  • Latest
router

192.168.0.1 – 192.168.1.1 Router Login Password

April 6, 2020
inurl technology

Latest Carding Dorks List for Sql Injection 2022

March 16, 2022
connect monitor to laptop two screens

How To Connect A Monitor To A Laptop And Use Both Screens?

February 10, 2021
how to connect two monitors to my laptop

How Do I Connect 2 Monitors To My Lenovo Laptop?

January 22, 2021
Windows Flaw

If Older Battleye software is used, Windows 10 1903 Blocked

0
Mac Os

New unpatched macOS bypass gatekeeper published online

0
Siemens Medical Products

Wormable Windows Flaw Affected Siemens Medical Products

0
Cloud Computing

5 Tips of the Personal Data Protection in the Cloud

0
Best Fiber Internet Broadband Plans in the United States 2022

What is Mimo?

May 18, 2022
Which Type Of Internet Is Best For Streaming

EE Login

May 18, 2022
Best Fiber Internet Broadband Plans in the United States 2022

Poster Ideas For School

May 18, 2022
Organizations are Choosing Cloud VPN Services to Support Remote Work

TP Link AC750 Setup

May 18, 2022
ADVERTISEMENT

Quick Links

Learnopedia
Tech Write For US
Technology Write For US
Casino Write For Us
Mr.Perfect Reviews
Cyber Security Career

Recent News

Best Fiber Internet Broadband Plans in the United States 2022

What is Mimo?

May 18, 2022
Which Type Of Internet Is Best For Streaming

EE Login

May 18, 2022
Best Fiber Internet Broadband Plans in the United States 2022

Poster Ideas For School

May 18, 2022
Organizations are Choosing Cloud VPN Services to Support Remote Work

TP Link AC750 Setup

May 18, 2022
W-SE (Web – SEcurity)

W-SE regularly updates cyber attacks, hacking and events that provide IT security professionals with information throughout the world. Also offering news in W-SE. We spent two years living and sharing guidance and insights with IT experts, detailed analyzes and news.

We also train people with product reviews in different form of content.

Browse by Category

  • Android
  • Camera
  • computer
  • Cyber Attacks
  • Cyber Security
  • Cybercrime
  • Encryption
  • Error
  • Featured
  • Fraud & Identity
  • gaming
  • How To?
  • laptop
  • Login
  • Malware
  • Microsoft
  • Mobile
  • photography
  • Privacy
  • Reviews
  • Security
  • Security Degree
  • Smart phone
  • smart tv
  • Social
  • software
  • Tech
  • Tech today
  • Top list
  • Uncategorized
  • Virus & Threats
  • Vulnerabilities
  • Website
  • What is?

Recent News

Best Fiber Internet Broadband Plans in the United States 2022

What is Mimo?

May 18, 2022
Which Type Of Internet Is Best For Streaming

EE Login

May 18, 2022
  • About us
  • Contact
  • Disclaimer
  • Home
  • Privacy Policy
  • Resources
  • Support Forum
  • Tech Blog
  • Technology Write For Us
  • W-SE (Web Security)

© 2020 w-se.com - Powered by Fix Hacked Website, Cyber Special , SSL Authority Reviews Powered by Mr.Perfect Reviews.

No Result
View All Result
  • Tech today
  • Security
    • Vulnerabilities
    • Malware
    • Android
    • Top list
  • Cyber Attacks
  • How To?
  • Contact
  • About us
    • Disclaimer
  • Write For Us

© 2020 w-se.com - Powered by Fix Hacked Website, Cyber Special , SSL Authority Reviews Powered by Mr.Perfect Reviews.

Welcome Back!

Login to your account below

Forgotten Password? Sign Up

Create New Account!

Fill the forms below to register

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In