How to update and verify your McAfee software on Windows[^1^]

MID 88 ReadMe.txt Release Notes for McAfee(R) Installation Designer(TM) Version 8.8 Copyright (C) 2010 McAfee, Inc. All Rights Reserved Thank you for using McAfee Installation Designer (MID) software. This file contains important information regarding this release. We strongly recommend that you read the entire document. IMPORTANT: McAfee strongly recommends that you use any pre-release software (beta or release candidate) in a test environment only. Pre-release software should not be installed in a production environment. McAfee does not support automatic upgrading of a pre-release version of the software. To upgrade to a later beta release, a release candidate, or a production release of the software, you must first uninstall the existing version of the software. __________________________________________________________ WHAT'S IN THIS FILE - New Features - System Requirements - Installation Instructions - Known Issues - Documentation - License Attributions __________________________________________________________ NEW FEATURES This release of McAfee Installation Designer supports the following: - Installing VirusScan Enterprise 8.8 product package and settings files - Installing VirusScan Enterprise 8.8 patches and hotfixes Page 1

Every vulnerability that has been detected gets ranked by a Common Vulnerability Scoring System (CVSS) and is denoted by a CVE serial number (CVE-Year-XXXXXX) that is used to track its status. For example, the log4j vulnerability, which impacted millions of systems worldwide, was ranked 10 out of 10. The updates are prioritized and released depending on that score.

mcafee 8.8 patch 2 Serial Key

With a CVSS score of 7.8 and regarded as a high risk, AppleAVD vulnerability (CVE-2022-46694) increases the potential risk of a malicious video file writing out-of-bound and executing kernel code. Although user interaction is required for the vulnerability to be efficacious, risky downloaded videos may present issues with privacy and cybersecurity with this. The vulnerability was patched with improved input validation.

With a medium CVSS rating of 5.5, the CVE-2022-42846 Graphics Driver vulnerability is capable of terminating systems through buffer overflow with malicious video files crafted for that particular purpose. Although user interaction is required, the impact of such attacks has severe implications on user experience and integrity. The issue was patched in the security update 15.7.2 with improved memory handling.

Websites without security certifications and compliances often contain malicious codes that may lead to cybersecurity issues. As these malicious actors do their best to hide the fact, this particular WebKit issue (CVE-2022-46691) comes with a CVSS score of 8.8 and is considered a direct threat to the security of iPhones and iPads. This was patched in the latest update through improved memory handling.

CVE-2022-34713 is credited to security researcher Imre Rad, who first disclosed the flaw in January 2020. At the time, Microsoft chose not to patch the flaw. However, following renewed interest in MSDT spurred by the discovery and exploitation of CVE-2022-30190 (aka Follina), Microsoft patched the flaw this month.

A variety of attackers have incorporated Follina into their campaigns according to researchers at Proofpoint, Symantec and Cyberint, so we strongly advise organizations apply the available patches for these similar vulnerabilities as soon as possible.

In March of 2022, Microsoft patched CVE-2022-24508, another similar RCE vulnerability impacting SMBv3. Fortunately that flaw has not seen exploitation in the wild, however any flaws impacting SMB always raise concerns of another WannaCry scenario. We strongly recommend patching this vulnerability as soon as possible. Microsoft does provide workaround guidance for organizations that are not able to immediately patch.

When McAfee VirusScan Enterprise 8.8 patch 1 and higher is installed on your Citrix workers, the warning MFEHIDK is written to the system log four times every ten minutes. In this article, the main focus lies on analyzing the McAfee MFEHIDK event log warning using Process Explorer.To my knowledge, a solution or workaround does t exist. Only McAfee is able to provide a solution. Continue reading to find out why.

The issue is quite simple; when McAfee VirusScan 8.8 patch 1 or higher is installed on your Citrix worker, the system log is flooded with warnings. Every ten minutes, four warnings with the source name MFEHIDK and event ID 516 are written to the system log.

As you can see, analyzing the McAfee MFEHIDK event log warning with Process Explorer explains the flooding of the system log on your Citrix workers. Besides the flooding of the event log (four warnings every ten minutes), I am not aware of any negative impact on system performance.Unfortunately, there is no solution or workaround to stop this behavior. Only McAfee can solve this issue. I hope that in one of their future patches McAfee will include the Citrix DLLs to their internal list of trusted code.

The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while parsing the issuer field (which might occur if the issuer field is maliciously constructed). This may subsequently result in a NULL pointer deref and a crash leading to a potential denial of service attack. The function X509_issuer_and_serial_hash() is never directly called by OpenSSL itself so applications are only vulnerable if they use this function directly and they use it on certificates that may have been obtained from untrusted sources. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x).

Our records for the product show a somewhat patchy history lately, with three passes and two fails from five entries in the last six tests; four passes, four fails and four tests not entered in the last two years. A single minor issue was observed during testing, when a large log file failed to fully export properly, but the problem did not recur and testing completed just within the 24 hours allotted to the product.

Detection rates were very good in the main sets and decent in the RAP sets, with scores declining very slightly through the weeks. The core certification sets were handled perfectly, earning McAfee another VB100 award. The product seems to be recovering from something of a rough patch, with two passes and one fail in the last six tests, and three not entered; six passes and two fails over the past two years, with four tests skipped. No problems were observed this month, and testing completed in good time, around the one day hoped for from all products. 2ff7e9595c