CVE-2022-0129

Name of the Vulnerable Software and Affected Versions McAfee TechCheck versions prior to 4.0.0.2

Description The issue allows a local administrator to load their own Dynamic Link Library (DLL), gaining elevation of privileges to system user. This is achieved by placing a malicious DLL in the same directory where the process is run from.

Recommendations For versions prior to 4.0.0.2, update to version 4.0.0.2 or later to resolve the issue. As a temporary workaround, consider restricting the ability to place malicious DLLs in the process's run directory to minimize the risk of exploitation.