A vulnerability in Data Loss Prevention Endpoint has been discovered and resolved.
AFFECTED SOFTWARE
The vulnerability is remediated in these versions:
IMPACT
RECOMMENDATION
Intel Security recommends that all customers verify that they have applied the latest updates. Impacted users should install the relevant patches or hotfixes. For full instructions and information, see Knowledge Base article SB10185, Security Bulletin: Data Loss Prevention Endpoint update fixes PAGE_EXECUTE_READWRITE memory vulnerability (CVE-2016-8012)(https://kc.mcafee.com/corporate/index?page=content&id=SB10185
AFFECTED SOFTWARE
- 9.3.600 and earlier
- 9.4.200 and earlier
- 10.0.0 and earlier
The vulnerability is remediated in these versions:
- 9.3.633.3
- 9.4.241.32
- 10.0.100
IMPACT
- CVE-2016-8012 (CVSS: 7.8; Severity: Medium) is a client-side access control vulnerability in Intel Security Data Loss Prevention Endpoint 9.4.200, 9.3.600 allows attackers with Read-Write-Execute permissions to injects hook DLLs into other processes via pages in the target process memory get.
RECOMMENDATION
Intel Security recommends that all customers verify that they have applied the latest updates. Impacted users should install the relevant patches or hotfixes. For full instructions and information, see Knowledge Base article SB10185, Security Bulletin: Data Loss Prevention Endpoint update fixes PAGE_EXECUTE_READWRITE memory vulnerability (CVE-2016-8012)(https://kc.mcafee.com/corporate/index?page=content&id=SB10185