Two vulnerabilities in ePolicy Orchestrator (ePO) have been discovered and resolved.

AFFECTED SOFTWARE

• ePO 5.1.3 and earlier
• ePO 5.3.2 and earlier

 REMEDIATED/PATCHED VERSIONS
The vulnerability is remediated in these versions:

• ePO 5.1.3, 5.3.1 or 5.3.2 with EPO5xHF1179774  

IMPACT

• CVE-2017-3732 (CVSS: 5.3; Severity: Medium)
  There is a carry propagating bug in the x86_64 Montgomery squaring procedure. NoEC algorithms are affected. Allows attackers to obtain sensitive private-key information via an attack against Diffie-Hellman (DH/DHE) ciphersuite.
• CVE-2016-7055 (CVSS: 3.1; Severity: Low)
  There is a carry propagating bug in the Broadwell-specific Montgomery multiplication procedure that handles input lengths divisible by, but longer than 256 bits. Allows attackers to transient authentication and key negotiation failures or reproducible erroneous outcome of public-key operations with specially crafted input

RECOMMENDATION
Intel Security recommends that all customers verify that they have applied the latest updates. Impacted users should install the relevant patches or hotfixes. For full instructions and information, see Knowledge Base article SB10188, Intel Security – Security Bulletin: McAfee products with multiple OpenSSL vulnerabilities
(https://kc.mcafee.com/corporate/index?page=content&id=SB10188)

Advanced Threat Defense (ATD) 3.8.2 is now available. This release includes new features, fixes, and enhancements including:

• Adds support for non-English operating systems to the VMDK Prep Tool
• Corrects issues with creating Windows 10 VMs
• McAfee Advanced Threat Defense database is no longer vulnerable to SQL injection attacks

To download ATD 3.8.2 (system-3.8.2.14.59307.msu), go to the Product Downloads site at: http://www.mcafee.com/us/downloads/downloads.aspx   

For a full list of changes, see the Release Notes in PD26891: https://kc.mcafee.com/corporate/index?page=content&id=PD26891

Five vulnerabilities in EPO have been discovered and resolved.

AFFECTED SOFTWARE

• EPO 5.1.3 and earlier
• EPO 5.3.2 and earlier

REMEDIATED/PATCHED VERSIONS
The vulnerability is remediated in the following versions:

• ePolicy Orchestrator 5.x with Hotfix 1178101

IMPACT

• CVE-2016-5546 (CVSS: 7.5; Severity: High)
  Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE accessible data.
• CVE-2016-5547 (CVSS: 5.3; Severity: Medium)
  Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE.
• CVE-2016-5552 (CVSS: 5.3; Severity: Medium)
  Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, accessible data.
• CVE-2016-2183 (CVSS: 3.1; Severity: Low)
  The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack.
• CVE-2017-3252 (CVSS: 5.8; Severity: Medium)
  Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE accessible data

RECOMMENDATION
Intel Security recommends that all customers verify that they have applied the latest updates. Impacted users should install the relevant patches or hotfixes. For full instructions and information, see Knowledge Base article SB10186: Intel Security - Security Bulletin: Intel Security ePO update fixes multiple Oracle Java vulnerabilities. (https://kc.mcafee.com/corporate/index?page=content&id=SB10186)

McAfee Endpoint Security Threat Intelligence (TIE) 10.2.2 is now available. This patch includes the following fixes for issues:

• Upgrading the TIE client from 10.2.0 to 10.2.2 now completes successfully.
• Driver callbacks required by TIE components are now delivered to the correct destination for proper handling, which ensures that no application runs until it meets the requirements specified in policy settings, including reputation.
• The TIE policy setting “Allow the Threat Intelligence Exchange server to collect anonymous diagnostic and usage data” applies only to optional statistics collection by clients. File and certificate metadata telemetry is now processed by the Threat Intelligence Exchange server.

To download McAfee Endpoint Security Threat Intelligence 10.2.2 go to the Product Downloads site at: http://www.mcafee.com/us/downloads/downloads.aspx.   

For a full list of changes, see the Release Notes in PD26875 : https://kc.mcafee.com/corporate/index?page=content&id=PD26875
 
For a list of Known Issues, see KB82450: https://kc.mcafee.com/corporate/index?page=content&id=KB82450

A critical vulnerability in epolicy Orchestrator (ePO) 5.X has been discovered and resolved.

AFFECTED SOFTWARE

• ePO 5.1.3 and earlier
• ePO 5.3.2 and earlier

REMEDIATED/PATCHED VERSIONS
The vulnerability is remediated in these versions:

• ePO 5.1.3 Hotfix 1167014
• ePO 5.3.1 Hotfix 1179709
• ePO 5.3.2 Hotfix 1167013

IMPACT

• CVE-2016-8027 (CVSS: 10.0; Severity: Critical) A specially crafted HTTP post can allow an aggressor to alter a SQL query which can result in disclosure of information within the database or impersonation of an agent without authentication.

RECOMMENDATION
Intel Security recommends that all customers verify that they have applied the latest updates. Impacted users should install the relevant patches or hotfixes. For full instructions and information, see Knowledge Base article SB10187,
Intel Security - Security Bulletin: ePO update fixes cross-site scriptingSQL Injection vulnerability. (https://kc.mcafee.com/corporate/index?page=content&id=SB10187

McAfee Labs has released an updated Threat Advisory for W32/Disttrack.

Overview

W32/DistTrack is detection for a worm malware that has extremely destructive behavior. Machines infected by it are rendered useless because most of the files, the Master Boot Record (MBR), and the partition tables are overwritten with random data. The overwritten data is lost and is not recoverable. The system is rendered unbootable.

For details, see Knowledge Base document PD23936 at
https://kc.mcafee.com/corporate/index?page=content&id=PD23936. 

A vulnerability in Data Loss Prevention Endpoint has been discovered and resolved.

AFFECTED SOFTWARE

• 9.3.600 and earlier
• 9.4.200 and earlier
• 10.0.0 and earlier

REMEDIATED/PATCHED VERSIONS
The vulnerability is remediated in these versions:

• 9.3.633.3  
• 9.4.241.32
• 10.0.100

IMPACT

• CVE-2016-8012 (CVSS: 7.8; Severity: Medium) is a client-side access control vulnerability in Intel Security Data Loss Prevention Endpoint 9.4.200, 9.3.600 allows attackers with Read-Write-Execute permissions to injects hook DLLs into other processes via pages in the target process memory get.

RECOMMENDATION
Intel Security recommends that all customers verify that they have applied the latest updates. Impacted users should install the relevant patches or hotfixes. For full instructions and information, see Knowledge Base article SB10185, Security Bulletin: Data Loss Prevention Endpoint update fixes PAGE_EXECUTE_READWRITE memory vulnerability (CVE-2016-8012)(https://kc.mcafee.com/corporate/index?page=content&id=SB10185

MOVE AV Multi-Platform 3.6.1 Client Hotfix 1148685 is now available. This hotfix resolves an issue where access is denied on a file that resides on a shared folder, when the file attribute is set to 'read only' and the MOVE On Access Scan policy has been set to use the 'When reading from disk' option.

To download MOVE AV Multi-Platform 3.6.1 Client Hotfix 1148685:

1. Go to the McAfee ServicePortal at https://support.mcafee.com.
2. Log in using a valid grant number. 
3. Search for 1148685, and then download the hotfix.

For a full list of changes, see the Release Notes in PD26870:
https://kc.mcafee.com/corporate/index?page=content&id=PD26870

Threat Intelligence Exchange 2.0.1 is now available. This release includes new features, fixes, and enhancements including:

• McAfee® Linux Operating System (MLOS) kernel version upgraded to 3.18.44-1 to solve the Dirty COW (CVE-2016-5195) privilege escalation vulnerability
• Multiple performance improvements to maximize throughput
• Improved health monitoring

To download Threat Intelligence Exchange 2.0.1, go to the Product Downloads site at: http://www.mcafee.com/us/downloads/downloads.aspx.   

For a full list of changes, see the Release Notes in PD26865:
https://kc.mcafee.com/corporate/index?page=content&id=PD26865.