cancel
Showing results for 
Search instead for 
Did you mean: 

Mcafee Enterprise 8.5.0i and PCI Compliance

Hello,

We have Mcafee Enterprise 8.5.0i installed on our Windows Server and there seems to be an issue with the 'FrameworkService.exe' being vulnerable to DOS attacks.

There was a reference to KB52556 to update the Framework, however I can't seem to find it anywhere on this site for downloading.

Can someone point be in the right direction?

McAfee Framework ePolicy Orchestrator Remote Format String Vulnerability

The McAfee Framework service is prone to a remote format-string vulnerability

based on the version information returned by the remote service. Successful

exploitation of this issue can allow attackers to execute arbitrary code within the

permissions of the framework. A failed attack will likely cause denial-of-service

(DoS) conditions. McAfee Common Managemetn Agent 3.6.0.574 (Patch3) or

earlier, McAfee Agent (MA) 4.0, Framework 2.6.0.569 and ePolicy Orchestrator 4.0

are vulnerable to this issue; other versions may also be affected but have not been

confirmed.

This finding is based on version information which may not have been updated by

previously installed patches (e.g., Red Hat "back ports"). Please submit a "Patched

Services" dispute in TrustKeeper if this vulnerability has already been patched.

McAfee Common Management Agent 'FrameworkService.exe' Remote Denial

of Service Vulnerability

This host is running a version of McAfee Common Management Agent that is prone

to a memory corruption vulnerability which could allow a remote attacker to crash

the service.

Vulnerabilities which result only in denial of service do not affect PCI compliance;

however, they may still be critical to your systems.

https://kc.mcafee.com/corporate/index?page=content&id=KB52556

2 Replies
Highlighted

Re: Mcafee Enterprise 8.5.0i and PCI Compliance

Hello,

I assume your are trying to download the McAfee Agent package. If this is the case the please go t

1. Access the download site

2. Enter the grant #

3. Select the Product

4. Under Management Solutions select the Agent version you want to download

    PS: I'm not able to access the KB link you provided.

    Thanks!

    Re: Mcafee Enterprise 8.5.0i and PCI Compliance

    I don't believe its McAfee Agent, but more McAfee framework?

    The link that I've provided was quoted from Trustwave's PCI Scan results.

    More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community