PT-2021-19548 · Mcafee · Mcafee Agent For Windows

Kharosx0 · Published 2021-09-22 · Updated 2023-11-15 · CVE-2021-31847

CVSS v3.1: 8.2 High
Vector: AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: McAfee Agent for Windows versions prior to 5.7.4
Description: The issue is related to improper access control in the repair process, allowing a local attacker to perform a DLL preloading attack using unsigned DLLs. This results in elevation of privileges and the ability to execute arbitrary code as the system user. The vulnerability occurs because a temporary directory used in the repair process is not correctly protected and the DLL signature is not checked.
Recommendations: For versions prior to 5.7.4, update to version 5.7.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the temporary directory used in the repair process to minimize the risk of exploitation. Additionally, ensure that all DLLs used by the McAfee Agent for Windows are properly signed and validated to prevent unsigned DLLs from being loaded.
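
The two conditions named in the description (a directory that non-privileged users can write to, and DLLs without a valid signature) can be audited together. The PowerShell script below is an added example, not McAfee's code or part of the original record. It assumes a `$Path` parameter because the record does not name the temporary directory, and its list of trusted SIDs is likewise an assumption to adjust per environment.

```powershell
# Added example: audit one directory for the two conditions in the description.
param(
    # Placeholder: the record does not name the repair process's temporary directory.
    [Parameter(Mandatory)] [string] $Path
)

# Rights on a directory that allow planting or swapping a file inside it.
$writeMask = [int][System.Security.AccessControl.FileSystemRights]'CreateFiles, AppendData, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
# GENERIC_ALL | GENERIC_WRITE: raw generic bits that Get-Acl reports unmapped.
$genericMask = 0x50000000

# Assumption: only these well-known SIDs should hold write access.
$trusted = @(
    'S-1-5-18',        # NT AUTHORITY\SYSTEM
    'S-1-5-32-544',    # BUILTIN\Administrators
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
)

$acl   = Get-Acl -LiteralPath $Path
$rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])

# Condition 1: Allow ACEs that give a non-trusted principal write-type access.
$aclFindings = foreach ($rule in $rules) {
    if ($rule.AccessControlType -ne 'Allow') { continue }
    $rights = [int]$rule.FileSystemRights
    if (-not (($rights -band $writeMask) -or ($rights -band $genericMask))) { continue }
    $sid = $rule.IdentityReference.Value
    if ($sid -in $trusted) { continue }
    [pscustomobject]@{ Sid = $sid; Rights = $rule.FileSystemRights; Inherited = $rule.IsInherited }
}

# Condition 2: DLLs whose Authenticode status is anything other than Valid
# (NotSigned, HashMismatch, NotTrusted, ...).
$dllFindings = Get-ChildItem -LiteralPath $Path -Filter *.dll -File -Recurse -ErrorAction SilentlyContinue |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
        if ($sig.Status -ne 'Valid') {
            [pscustomobject]@{ File = $_.FullName; Status = $sig.Status; Signer = $sig.SignerCertificate.Subject }
        }
    }

[pscustomobject]@{
    Path                      = $Path
    Owner                     = $acl.Owner
    WritableByUntrusted       = @($aclFindings)
    DllsWithoutValidSignature = @($dllFindings)
}
```

An empty `WritableByUntrusted` list together with an empty `DllsWithoutValidSignature` list means neither condition is present in the audited directory at the time of the check.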

Fix

Weakness Enumeration

Improper Verification of Cryptographic Signature
Improper Privilege Management
Uncontrolled Search Path Element

Related Identifiers

CVE-2021-31847
ZDI-21-1104

Affected Products

Mcafee Agent For Windows