cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
MSchneider
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 21 of 35

Re: MWG+NTLM+CVE-2020-1472

Jump to solution

All,

if you are looking for frequent updates, you might want to consider opening a ticket with us. As general rule, our support teams will not provide binding statement on status or timeline as part of a community post.

https://kc.mcafee.com/corporate/index?page=content&id=KB93377 has the current status and information. Once that changes, and once a fix version is available, McAfee will inform customers via SNS.

thanks,

Michael

Michael Schneider
Senior Manager of PM
for Web Protection and UCE
(•‿•)
tonyssbear
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 22 of 35

Re: MWG+NTLM+CVE-2020-1472

Jump to solution

Hi,

 

Seem still no update yet

BTW, we need time to test Hotfix before deploy to production

May it be any scheduled plan?

 

Regards

Tony

 

mkutrieba
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 23 of 35

Re: MWG+NTLM+CVE-2020-1472

Jump to solution

Hello,

fully understand this but I cannot say any date as I do not know any.
So please monitor the KB until the fix is delivered.

Yesterday, there was another SNS with this content:
"The upcoming Web Gateway releases will address CVE-2020-1472 with our reference ID WP-3024.

McAfee guarantees that this fix will be available before the start of Microsoft's enforcement phase which is scheduled for February 9, 2021.

The solution can’t be made available currently as it is a new implementation of protocols that requires extensive testing.

See KB93377 for further details about the CVE, schedule, and workaround:
 
https://kc.mcafee.com/corporate/index?page=content&id=KB93377"

Regards,
Marcel Kutrieba
Technical Support Engineer

If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

Re: MWG+NTLM+CVE-2020-1472

Jump to solution

hello, do we have any updates on this release?

mkutrieba
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 25 of 35

Re: MWG+NTLM+CVE-2020-1472

Jump to solution

Hello,

not yet, but official updates will be shared in KB article if available:
https://kc.mcafee.com/corporate/index?page=content&id=KB93377

Regards,
Marcel

Regards,
Marcel Kutrieba
Technical Support Engineer

If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!
nashcoop
Level 11
Report Inappropriate Content
Message 26 of 35

Re: MWG+NTLM+CVE-2020-1472

Jump to solution

I'd consider switching to kerberos, but I'm concerned about any "gotcha" issues.  We use MCP exclusively and web hybrid.  What are the drawbacks to using kerberos for authentication instead of NTLM? 

jebeling
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 27 of 35

Re: MWG+NTLM+CVE-2020-1472

Jump to solution

If you are using MCP exclusively you don't even need to join the domain and you will never encounter the warnings. The only "gotcha" with kerberos is that the group names are SID rather than common name, while you can get common names with NTLM lookup that would give the warnings, so if you need to use common group names then you would need to do the lookup of the group names with LDAP instead. This is part of the Kerberos setup information also in community.

 

Was my reply helpful?

If this information was helpful in any way or answered your question, will you please select Accept as a Solution and/or Kudo my reply so we can help other community participants?
mkutrieba
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 28 of 35

Re: MWG+NTLM+CVE-2020-1472

Jump to solution

Hello,

is really only MCP used for clients to connect to local/cloud MWG?

Because then other authentication methods might be obsolete as you use MCP authentication!?

If cloud receives request from MCP client, then it automatically performs MCP authentication anyway.
If local MWG receives requests via MCP, then you MUST configure MCP authentication rule set as the client request comes in with X-SWEB-Headers containing all important information such as client username, usergroups, IP and so on. MWG is then configured to decrypt these header to retrieve its information and then writes all in the known properties such as Authentication.Username, Authentication.Usergoups etc.
Means, neither Kerberos nor NTLM are necessary.

But at the end, this is just providing information based on guessing as I do not know your setup 😊

Regards,
Marcel Kutrieba
Technical Support Engineer

If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!
nashcoop
Level 11
Report Inappropriate Content
Message 29 of 35

Re: MWG+NTLM+CVE-2020-1472

Jump to solution

We're running over a dozen MWG appliances, and the director appliance is the only one generating Event ID 5829 on our DC's.  So even though we're running MCP agents exclusively I see both the "Authentication with McAfee Client Proxy" rule in the the rule set, but I also see "Authentication Server" in the rule set and that is enabled with NTLM authentication.  I wonder if that rule is unnecessary since we're running MCP agents, and if the "Authentication Server" rule using NTLM should be disabled?

jebeling
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 30 of 35

Re: MWG+NTLM+CVE-2020-1472

Jump to solution

Could you be using NTLM to authenticate administrators? If you are exclusively using MCP to authenticate users and administrators are authenticated by something other than NTLM. You do not need to join the domain for any appliances.

 

Was my reply helpful?

If this information was helpful in any way or answered your question, will you please select Accept as a Solution and/or Kudo my reply so we can help other community participants?
You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community