cancel
Showing results for 
Search instead for 
Did you mean: 
bgable
Level 11

McAfee SNS Notice: Hotfixes Resolve VSE and Host IPS Vulnerability

A vulnerability has been discovered that affects the following versions of VirusScan Enterprise (VSE) and Host Intrusion Prevention (Host IPS):

  • VSE 8.8 Patch 2
  • VSE 8.8 Patch 1
  • VSE 8.7i Patch 5
  • Host IPS 8.0 Patch 1
  • Host IPS 8.0 Patch 2

The CVSS score (http://nvd.nist.gov/cvss.cfm)  for this vulnerability is 5.6, but McAfee recommends that the upgrade and hotfix installation take high priority.

For full instructions and information, see the following articles:

0 Kudos
38 Replies
kink80
Level 12

Re: McAfee SNS Notice: Hotfixes Resolve VSE and Host IPS Vulnerability

What if we already have a Hotfix checked in for HIPS 8.0 Patch 2 like 771202? Can I check in more than one HF into my Current branch? If so will my clients install both HFs and in the correct order?

Thanks in advance.

ron.sokol
Level 10

Re: McAfee SNS Notice: Hotfixes Resolve VSE and Host IPS Vulnerability

Looks like for VSE it states in the KB:

IMPORTANT: The order of installation is important. For both VSE 8.8 and Host IPS 8.0, Patch 2 must be installed before the accompanying hotfix.

0 Kudos
kink80
Level 12

Re: McAfee SNS Notice: Hotfixes Resolve VSE and Host IPS Vulnerability

Yes I understand that the HF has to be installed after the Patch is installed. My point is that after I have HIPS 8.0 Patch 2 installed I have an older HF (771202) that is also installed after Patch 2 is applied to may machines because it is checked into my ePO server's current branch. I just tried to check the new HF into my test ePO server that also has the older HF for patch2 (771202) and they could not both be checked into the same branch within ePO. So I called McAfee support and they said that I would have to first deploy my older HF to my machines (771202) and then check in the new HF 791162 and deploy it. My question is what do I do with new machines that need both Hotfixes (771202 and 791162)? As is stands right now it looks like I would have to have one checked into the current branch and then have the other one checked into another branch like previous. I would then have to chnage the McAfee Agent policy for the machines to pull the updates from the current branch then switch it to pull from the previous branch in order to get both HotFixes. Am I missing something? Is there an easier way? We have multiple new machines everyday and this seems like a ton of overhead.

0 Kudos
alexn
Level 14

Re: McAfee SNS Notice: Hotfixes Resolve VSE and Host IPS Vulnerability

Yes, We can checkin as many Hotfixes as we want.

Please follow this table tofix this Vulnerability.For VSE 8.8 P1, first apply P2 and then HF 805660.

Affected VersionsRemediation
VSE 8.7i Patch 5Apply HF 792686
VSE 8.8 Patch 1Apply Patch 2** + HF 805660
VSE 8.8 Patch 2Apply HF 805660
Host IPS 8.0 Patch 1Special Considerations*
Host IPS 8.0 Patch 2Apply HF791162 (KB77336)
0 Kudos
kink80
Level 12

Re: McAfee SNS Notice: Hotfixes Resolve VSE and Host IPS Vulnerability

This has not been my experience. When I attempted to check in 2 hotfixes for HIPS 8.0 Patch 2 into the current branch of the ePO server it would not let me. It would either move one of the hotfixes to another branch or dump it all together. This is also what McAfee support has stated to me today fater sekaing with them on this issue.

0 Kudos
ron.sokol
Level 10

Re: McAfee SNS Notice: Hotfixes Resolve VSE and Host IPS Vulnerability

Oh, I see - well, you can't do more than one to current I don't think, but I believe that the product update task will actually draw from current or eval.  A problem will be making sure the patch 2 isn't in either when the patch/hf task is run.

0 Kudos
kink80
Level 12

Re: McAfee SNS Notice: Hotfixes Resolve VSE and Host IPS Vulnerability

Is there some sort of tool that can combine McAfee Hotfixes into one hotfix like a SuperDAT or similar to facilitate this? I realize this is a newly found vulnerability but when can we expect a patch that includes all of the Hotfixes so we do not have to deploy three separate pieces of software? (HIPS 8.0 P2 Installation, HotFix 771202, and HotFix 791162)

Message was edited by: kink80 on 2/11/13 3:47:17 PM GMT-06:00
0 Kudos
alexn
Level 14

Re: McAfee SNS Notice: Hotfixes Resolve VSE and Host IPS Vulnerability

Please see below, you can checkin all 3 Hotfixes in the same branch, until or unless same package is already there.

Untitled.jpg

Message was edited by: alexn on 2/11/13 4:07:01 PM CST
0 Kudos
kink80
Level 12

Re: McAfee SNS Notice: Hotfixes Resolve VSE and Host IPS Vulnerability

I have 2 screenshots showing what I mean. In the first screenshot you see that Host Intrusion Prevention Hot fux 8.0.0 771202 is installed in the Current Branch. I then check in Host Intrusion Prevention 8.0.0 Hot Fix 791162 into the Current branch and the second screenshot shows what I get. There is no Hot Fix 771202 at all in any branch and 791162 is in the current branch. ePO First.jpg

ePO Second.jpg

0 Kudos