McAfee McAgent High Risk Software Vulnerability

Photo of McAfee Building

A software vulnerability report relating to computer security giant McAfee‘s McAgent GUI component was posted via the Security Bulletin on the McAfee website. Initially published on September 21st, 2021, the software vulnerability information affecting McAgent has been posted with updated ‘acknowledgments‘ once again on September 28th. The software vulnerability report contains three vulnerabilities in total. Specifically, the information in this article relates to software vulnerability CVE-2021-31841, which was classified as a high-severity vulnerability.

McAfee McAgent

McAfee McAgent (McAfee Interface Management Agent) is the graphical user interface (on-screen GUI) component of the widely used McAfee Security Center. McAgent (system process mcagent.exe) is included with McAfee’s cybersecurity programs and suites. Furthermore, McAgent is usually a ‘buggy’ process that receives a lot of complaints, and one that Windows programs often detect as a false positive for a virus.

The Vulnerability

The software vulnerability report Security Bulletin was released on the official McAfee portal on September 28th, 2021 as an update to the original release which was posted on September 21st, 2021. The technical name of this particular software vulnerability is Untrusted Search Path. According to the Security Bulletin, “In all three issues, the attacker would need to place files on the local machine to exploit them.” McAfee credits L ukasz Rupala from ING TechPL who reported this flaw.

Technical Details

A DLL side loading vulnerability in McAfee Agent for Windows (before version 5.7.4) could allow a local user to perform a DLL sideloading attack with an unsigned DLL with a specific name and in a specific location. This would result in the user gaining elevated permissions and the ability to execute arbitrary code as the system user, through not checking the DLL signature

Vulnerable Software Versions

McAfee Agent versions 5.74 and below are vulnerable to this issue.

Important User Information

There is a patch available that resolves the software vulnerability security issues. It is recommended that McAfee enterprise users visit the McAfee product downloads section and pick up the latest version of the Security Center. For the consumer version, users can visit the product download pages and grab the fixed version on the consumer portal.

Note: McAfee states that determining whether an ePO/server product is vulnerable can be deduced via the following steps;

“Use the following instructions for server-based products:

Tech researcher & communications specialist
Mirza has an education background in Global Communications, has worked in advertising, marketing, journalism and television over the years while living in several different countries. He is now working to consolidate news and outreach at VPNoverview.com, while in his free time he likes to work on documentary projects, read about sociology and write about world events.