FortiClient Vulnerability

Security Vulnerabilities fixed in Data Loss Prevention Endpoint 11.6.100.41

Description

Privilege Escalation vulnerability in McAfee Data Loss Prevention (DLP) Endpoint for Windows prior to 11.6.100 allows a local, low privileged, attacker to write to arbitrary controlled kernel addresses. This is achieved by launching applications, suspending them, modifying the memory and restarting them when they are monitored by McAfee DLP through the hdlphook driver. ANd Denial of Service allows a local, low privileged, attacker to cause BSoD through suspending a process, modifying the processes memory and restarting it. This is triggered by the hdlphook driver reading invalid memory.

Affected Applications

Data Loss Prevention Endpoint

CVE References

CVE-2021-23887 CVE-2021-23886

Other References

https://support.mcafee.com/webcenter/portal/supportportal/pages_knowledgecenter

ID	2293
Created	Jul 28, 2021
Description Updated	Nov 03, 2023
Risk
Coverage	FortiClient
OS	Windows
Vendor	McAfee
Patch	manual
Application	Data Loss Prevention Endpoint

Protect

Detect

Respond

Recover

Identify

Network Security

Endpoint Security

Application Security

Security Operations

FortiClient Vulnerability

Security Vulnerabilities fixed in Data Loss Prevention Endpoint 11.6.100.41

Description

Affected Applications

CVE References

Other References

News/Research

Research Center

PSIRT Center

Services

By Outbreak

By Solution

By Product

Protect

Detect

Respond

Recover

Identify

Network Security

Endpoint Security

Application Security

Security Operations

Threat Intelligence Center

Resource Center

About

FortiGuard Labs

Partners

FortiClient Vulnerability

Security Vulnerabilities fixed in Data Loss Prevention Endpoint 11.6.100.41

Description

Affected Applications

CVE References

Other References

Threat Intelligence
Center