PT-2021-15588 · Mcafee · Mcafee Data Loss Prevention Endpoint
Published
2021-04-15
·
Updated
2023-11-15
·
CVE-2021-23886
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions:
McAfee Data Loss Prevention (DLP) Endpoint for Windows versions prior to 11.6.100
Description:
A Denial of Service issue allows a local, low privileged, attacker to cause a BSoD through suspending a process, modifying the process's memory and restarting it. This is triggered by the hdlphook driver reading invalid memory.
Recommendations:
For versions prior to 11.6.100, update to version 11.6.100 or later to resolve the issue. As a temporary workaround, consider restricting access to the hdlphook driver to minimize the risk of exploitation.
Fix
Improper Handling of Exceptional Conditions
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Mcafee Data Loss Prevention Endpoint