CVE-2022-0280

Name of the Vulnerable Software and Affected Versions McAfee Total Protection versions prior to 16.0.43

Description A race condition vulnerability exists in the QuickClean feature of McAfee Total Protection for Windows, allowing a local user to gain privilege elevation and perform an arbitrary file delete. This could lead to sensitive files being deleted and potentially cause denial of service. The attack exploits the way symlinks are created and how the product works with them.

Recommendations For versions prior to 16.0.43, update to version 16.0.43 or later to resolve the issue. As a temporary workaround, consider disabling the QuickClean feature until a patch is available. Restrict access to sensitive files to minimize the risk of exploitation.