CVE-2020-7326

Name of the Vulnerable Software and Affected Versions McAfee Active Response versions prior to 2.4.4

Description The issue is related to an improperly implemented security check. This may allow local administrators to execute malicious code by stopping a core Windows service, which leaves the McAfee core trust component in an inconsistent state. As a result, the system fails open rather than closed.

Recommendations For versions prior to 2.4.4, update to version 2.4.4 or later to resolve the issue. As a temporary workaround, consider restricting access to core Windows services to prevent them from being stopped by local administrators.