Trellix Agent: Security Gaps Fixed
Two security gaps that could allow attackers to launch a denial of service and elevate their privileges have been closed in the Trellix Agent. Trellix, which emerged last year from the merger of the IT security companies McAfee and FireEye, builds on the products of the two former brands.
One of the vulnerabilities stems from insufficient permission assignments in installations or updates of the Agent for Windows, version 5.7.8 and earlier. Local users could potentially replace an executable file with their own and thereby elevate their privileges. The other vulnerability is a heap-based buffer overflow in the Trellix Agent for Linux and Windows, version 5.7.8 or earlier, which could lead to a denial of service.
The fixed version of the agent, 5.7.9 or newer, can be downloaded from the manufacturer’s website. IT managers need their login credentials to download the latest version, which addresses these vulnerabilities. Trellix’s security notification explains how to identify the version of the software currently in use.
A similar vulnerability affected the McAfee Agent in 2020, where privilege escalation was possible through a DLL hijacking flaw. McAfee Agent 5.7.7 resolved that vulnerability. It is therefore essential to install updates as soon as possible.