976 Views 4 Replies Latest reply: Jan 25, 2013 7:33 PM by vfguy11
vfguy11 Newcomer 25 posts since Oct 17, 2012

Jan 9, 2013 11:46 AM

Patches vs Workarounds

I have opened a ticket with McAfee (SR#3-2666770219) but would like to check with other users on their experiences, and also see this implemented in a future version.

I use vuln sets, which contains the rule "Patch Availability equals Patch Available".

What I want is:

"Patch Availability equals Patch Available" OR "Workaround Exists"

Take the case of FID 10588 (one example of many), which is listed as "no patch available".

FID: 10558
Name: Microsoft Windows Environment Variable Expansion Library Loading Vulnerability
Summary: A logic error is present in some versions of Microsoft Windows.
Severity: Medium
Description: "Microsoft Windows is an industry standard operating system. A logic error is present in some versions of Microsoft Windows. The vulnerability is due to Windows not properly expanding some of the values in the PATH environment variable which can result in unexpanded PATH value being used when loading resources. Successful exploitation could allow an attacker to execute arbitrary code by tricking a user to open files located on remote WebDAV or SMB share."
CVE: CVE-2007-6753
Recommendation: "The vendor has released an advisory describing a workaround that can be used to mitigate this issue. More information can be found at: http://support.microsoft.com/kb/329308"

Currently, in vuln sets, I can only choose:

Patch Available

No Patch Available

Undetermined

N/A

I want to be able to include in my reports vulns for which there are workarounds, such as 10588.  After all, I am interested in securing my environment as much as possible - patch available or not.

To me, the solution would be to add a code "4" in the "patched" field of the "content.vuln" table to indicate that there is a workaround available, and a corresponding condition in the vuln sets to query on this.

The response to my ticket was clarification that a patch is a "binary", however that is not my concern.  I'm not interested in the semantics of patch vs workaround.

I would like to see the above implemented.  The work required by McAfee would be negligible and would help customers be able to identify possible "workarounds" to increase security.

Thanks,
Joe.
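To make the proposal concrete, here is an added example (not code from the post, and not MVM's own schema or API) that models the "patched" field of a content.vuln-like table in an in-memory SQLite database. The stored values for the four existing states are not given on the page, so the constants 0-3 are assumptions; code 4 is the "workaround available" value the post proposes. The table rows are constructed for the demonstration, except for the FID, name and CVE of the Windows record quoted above. The example shows which findings today's "Patch Available" rule returns, reclassifies unpatched vulns that have a documented workaround to code 4, and then runs the requested "patch available OR workaround exists" rule to show the findings a report currently misses.

```python
import sqlite3

# Codes for the "patched" column of the content.vuln table named in the post.
# The page lists four states (Patch Available, No Patch Available, Undetermined,
# N/A) but not their stored values, so 0-3 below are assumed; 4 is the code the
# post proposes for "workaround available".
PATCH_AVAILABLE = 1       # assumed value
NO_PATCH_AVAILABLE = 2    # assumed value
UNDETERMINED = 3          # assumed value
NOT_APPLICABLE = 0        # assumed value
WORKAROUND_AVAILABLE = 4  # proposed in the post

# Constructed sample rows: (fid, name, cve, patched, has_workaround).
# Only the FID, name and CVE of the Windows PATH expansion issue come from the
# post; the other rows and the has_workaround flag are made up for the demo.
SAMPLE_VULNS = [
    (10558, "Microsoft Windows Environment Variable Expansion Library Loading Vulnerability",
     "CVE-2007-6753", NO_PATCH_AVAILABLE, 1),
    (90001, "Constructed: fixed by a vendor patch", "CVE-0000-0001", PATCH_AVAILABLE, 0),
    (90002, "Constructed: no fix and no workaround", "CVE-0000-0002", NO_PATCH_AVAILABLE, 0),
    (90003, "Constructed: status not yet determined", "CVE-0000-0003", UNDETERMINED, 0),
    (90004, "Constructed: no fix but a mitigation is documented", "CVE-0000-0004", NO_PATCH_AVAILABLE, 1),
]


def build_db():
    """Create an in-memory table shaped like the post's content.vuln (assumed schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        """CREATE TABLE vuln (
               fid INTEGER PRIMARY KEY,
               name TEXT NOT NULL,
               cve TEXT,
               patched INTEGER NOT NULL,
               has_workaround INTEGER NOT NULL DEFAULT 0
           )"""
    )
    conn.executemany("INSERT INTO vuln VALUES (?, ?, ?, ?, ?)", SAMPLE_VULNS)
    conn.commit()
    return conn


def current_vuln_set(conn):
    """Today's rule: 'Patch Availability equals Patch Available'."""
    rows = conn.execute(
        "SELECT fid FROM vuln WHERE patched = ? ORDER BY fid", (PATCH_AVAILABLE,)
    )
    return [fid for (fid,) in rows]


def apply_proposal(conn):
    """Reclassify unpatched vulns with a documented workaround to code 4.

    Returns the number of rows changed so the effect of the proposal is visible.
    """
    cur = conn.execute(
        "UPDATE vuln SET patched = ? WHERE patched = ? AND has_workaround = 1",
        (WORKAROUND_AVAILABLE, NO_PATCH_AVAILABLE),
    )
    conn.commit()
    return cur.rowcount


def proposed_vuln_set(conn):
    """Requested rule: 'Patch Available' OR 'Workaround Exists'."""
    rows = conn.execute(
        "SELECT fid FROM vuln WHERE patched IN (?, ?) ORDER BY fid",
        (PATCH_AVAILABLE, WORKAROUND_AVAILABLE),
    )
    return [fid for (fid,) in rows]


def remediation_gap(conn):
    """Actionable findings that a report built on today's rule leaves out."""
    return sorted(set(proposed_vuln_set(conn)) - set(current_vuln_set(conn)))


if __name__ == "__main__":
    db = build_db()
    print("current rule  :", current_vuln_set(db))
    print("rows recoded  :", apply_proposal(db))
    print("proposed rule :", proposed_vuln_set(db))
    print("missed today  :", remediation_gap(db))
```

Because the workaround state is a distinct code rather than a flag, a record can never be both "Patch Available" and "Workaround Available"; the IN (1, 4) condition in proposed_vuln_set is the OR the post asks for, and remediation_gap is the set of mitigable findings (including FID 10558) that today's rule silently drops from the report.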

  • Community Leader 479 posts since Nov 3, 2009
    1. Jan 10, 2013 5:25 PM (in response to vfguy11)
    Re: Patches vs Workarounds

    Hi Joe,

    That's good input.  I think you will need to go down the Product Enhancement Request (PER) route, since MVM functionality would need to be updated pretty significantly.

    You can click on the "submit a feature request" link in the Important Links section of our main page here:

    https://community.mcafee.com/community/business/risk_compliance/vuln

    Thanks!
    Cathy

  • Community Leader 479 posts since Nov 3, 2009
    3. Jan 25, 2013 5:56 PM (in response to vfguy11)
    Re: Patches vs Workarounds

    Hi Joe,

    I reached out to the MVM Product Manager (Darren Thomas), and he said he's talking to another Joe regarding this exact thing - is that you??

    As far as "how often these are looked at", from what I understand PERs are looked at as they come into the system; they are then incorporated into planning discussions for upcoming patch and feature releases. As discussions around these releases progress, the PERs are updated accordingly.

    I hope that helps!
    Cathy
