PT-2021-15589 · McAfee · McAfee Data Loss Prevention Endpoint
Published: 2021-04-15 · Updated: 2023-11-15 · CVE-2021-23887
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
McAfee Data Loss Prevention (DLP) Endpoint for Windows versions prior to 11.6.100
Description:
A local, low-privileged attacker can exploit this issue to write to arbitrary controlled kernel addresses. The attacker does this by launching applications, suspending them, modifying their memory, and restarting them while they are monitored by McAfee DLP through the hdlphook driver.
Recommendations:
For versions prior to 11.6.100, update to version 11.6.100 or later to resolve the issue. As a temporary workaround, consider restricting access to the hdlphook driver to minimize the risk of exploitation.
Fix
Improper Privilege Management
Weakness Enumeration
Related Identifiers
Affected Products:
McAfee Data Loss Prevention Endpoint