Urgent Announcement

McAfee is receiving multiple reports of modified Petya ransomware variants. McAfee Labs is receiving various samples which are in analysis, and can confirm that McAfee Global Threat Intelligence (GTI) is protecting against current known samples at the low setting.

  • Extensions currently known as being affected are:  .3ds, .7z, .accdb, .ai, .asp, .aspx, .avhd, .back, .bak, .c, .cfg, .conf, .cpp, .cs, .ctl, .dbf, .disk, .djvu, .doc, .docx, .dwg, .eml, .fdb, .gz, .h, .hdd, .kdbx, .mail, .mdb, .msg, .nrg, .ora, .ost, .ova, .ovf, .pdf, .php, .pmf, .ppt, .pptx, .pst, .pvi, .py, .pyc, .rar, .rtf, .sln, .sql, .tar, .vbox, .vbs, .vcb, .vdi, .vfd, .vmc, .vmdk, .vmsd, .vmx, .vsdx, .vsv, .work, .xls, .xlsx, .xvd, .zip
  • We have confirmed with the samples that SMB is being used as a propagation method, and are aware of reports that RDP may also be used but have yet to confirm this.
  • After encryption, impacted systems may show a ransom screen and suggest a system reboot after which the system will not be accessible.

McAfee has released an Extra.DAT to include coverage for this threat — it is attached to KB89540.

 

Continuing Information

McAfee will continue to post more information in Knowledge Base article KB89540 (https://kc.mcafee.com/corporate/index?page=content&id=KB89540) as available.

To receive information about McAfee product updates, sign up for the Support Notification Service (SNS) at https://sns.secure.mcafee.com/signup_login

Knowledge Center

Technical Article
McAfee Web Gateway (MWG) 7.x. MWG uses the vulnerable glibc, but McAfee has determined that there is no attack vector for the MWG proxy for user traffic due to the fact that MWG uses a different implementation for DNS lookups (uDNS). Nevertheless,
Last Modified Date:4/6/2017
Technical Article
McAfee Threat Intelligence Exchange Server (TIE) 1.x. CVE-2015-5621: The snmp_pdu_parse function in snmp_api.c in net-snmp 5.7.2 and earlier does not remove the varBind variable in a netsnmp_variable_list item when parsing of the SNMP PDU fails,
Last Modified Date:4/8/2017
Technical Article
Network Security Manager (NSM) 7.1, 8.x. CVE-2015-5477 has been reported against BIND: Named in ISC BIND 9.x (before 9.9.7-P2) and 9.10.x (before 9.10.2-P3), allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon
Last Modified Date:8/20/2015
Technical Article
McAfee Network Data Loss Prevention (Network DLP) 9.3.x. Some third-party security scanning tools have reported that Network DLP 9.3.x is vulnerable to the following: CVE-2015-8000 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-8000 db.c
Last Modified Date:8/16/2016
Technical Article
McAfee ePolicy Orchestrator (ePO) 5.3.0. This document describes the support position of Sustaining Engineering relative to a McAfee application. Overview This document addresses concerns about ePO and the decryption of the db.properties file
Last Modified Date:4/6/2017
Technical Article
This issue exists only when too much privilege has been granted to an account that is used to retrieve McAfee product updates from UNC shares and other update sites. McAfee Agent 5.x, 4.x McAfee ePolicy Orchestrator 5.x McAfee VirusScan Enterprise
Last Modified Date:4/7/2017
Technical Article
McAfee Advanced Threat Defense (ATD) 3.4.x McAfee Advanced Threat Defense (ATD) 3.6.x. This article lists vulnerabilities (CVEs) that Technical Support has investigated and concluded represent no risk to the ATD appliance when installed in a
Last Modified Date:10/12/2016
Technical Article
McAfee ePolicy Orchestrator (ePO) 5.x. This document describes the support position of Sustaining Engineering relative to a McAfee application. Overview This document addresses concerns about ePO and a series of potential OpenSSL vulnerabilities.
Last Modified Date:4/6/2017
Technical Article
McAfee Network Security Sensor Appliance 8.x, 7.x. The vulnerability CVE-2015-4000 has been reported against the TLS protocol. TLS protocol 1.2 and earlier does not properly convey a DHE_EXPORT choice when a DHE_EXPORT cipher suite is enabled on a
Last Modified Date:6/11/2015
Technical Article
McAfee Content Security Reporter (CSR) 2.x, 1.x. CSR uses SSL 3.0, which is vulnerable to CVE-2014-3566, in the following cases: When it acts as a client: Collecting logs from SaaS Web Protection Service or Web Gateway 6.x Checking for product
Last Modified Date:4/7/2017