vfguy11
Level 9
Message 1 of 5

Patches vs Workarounds

I have opened a ticket with McAfee (SR#3-2666770219) but would like to check with other users on their experiences, and also see this implemented in a future version.

I use vuln sets, which contain the rule "Patch Availability equals Patch Available".

What I want is:

"Patch Availability equals Patch Available" OR "Workaround Exists"

Take the case of FID 10588 (one example of many), which is listed as "no patch available".

10558

Microsoft Windows Environment Variable Expansion Library Loading Vulnerability

A logic error is present in some versions of Microsoft Windows.

Medium

"Microsoft Windows is an industry standard operating system.

A logic error is present in some versions of Microsoft Windows. The vulnerability is due to Windows not properly expanding some of the values in the PATH environment variable which can result in unexpanded PATH value being used when loading resources. Successful exploitation could allow an attacker to execute arbitrary code by tricking a user to open files located on remote WebDAV or SMB share."

CVE-2007-6753

"The vendor has released an advisory describing a workaround that can be used to mitigate this issue.

More information can be found at:

http://support.microsoft.com/kb/329308"

Currently, in vuln sets, I can only choose:

Patch Available

No Patch Available

Undetermined

N/A

I want to be able to include in my reports vulns for which there are workarounds, such as 10588. After all, I am interested in securing my environment as much as possible - patch available or not.

To me, the solution would be to add a code "4" in the "patched" field of the "content.vuln" table to indicate that there is a workaround available, and a corresponding condition in the vuln sets to query on this.

The response to my ticket was clarification that a patch is a "binary"; however, that is not my concern. I'm not interested in the semantics of patch vs workaround.

I would like to see the above implemented.  The work required by McAfee would be negligible and would help customers be able to identify possible "workarounds" to increase security.

Thanks,
Joe.

4 Replies
cgrim
Level 13
Message 2 of 5

Re: Patches vs Workarounds

Hi Joe,

That's good input. I think you will need to go down the Product Enhancement Request (PER) route, since MVM functionality would need to be updated pretty significantly.

You can click on the "submit a feature request" link in the Important Links section of our main page here:

https://community.mcafee.com/community/business/risk_compliance/vuln

Thanks!
Cathy

vfguy11
Level 9
Message 3 of 5

Re: Patches vs Workarounds

Hi Cathy, I've done that already at the suggestion of tech support.  I submitted a different PER in November and that's not been reviewed yet.  Do you know how often these are looked at?

Thanks.

cgrim
Level 13
Message 4 of 5

Re: Patches vs Workarounds

Hi Joe,

I reached out to the MVM Product Manager (Darren Thomas), and he said he's talking to another Joe regarding this exact thing - is that you??

As far as "how often these are looked at", from what I understand, PERs are looked at as they come into the system; they are then incorporated into planning discussions for upcoming patch and feature releases. As discussions around these releases progress, the PERs are updated accordingly.

I hope that helps!
Cathy

vfguy11
Level 9
Message 5 of 5

Re: Patches vs Workarounds

Hi Cathy, yes I've communicated with Darrin.  He got my old (November) PER submission looked at, but the one I submitted for this issue hasn't been looked at.

I'm not sure the PERs are looked at quite that frequently.

I also received some invitation to a "product advisory council" that I'm not sure has anything to do with this, or if it's something else.

I appreciate the follow-up - very much. MVM is a good product, but a couple of relatively simple improvements could make it fantastic.

Thanks again.

Joe.
