HackAndPwn
Security & Vulnerability Researcher / Professional Penetration Tester

CVE-2019-3621

Authentication protection bypass vulnerability in McAfee Data Loss Prevention Endpoint (DLP Endpoint) for Windows 11.x prior to 11.3.0 allows a physical local user to bypass the Windows lock screen via DLP Endpoint processes being killed just prior to the screen being locked or when the screen is locked. The attacker requires physical access to the machine.

The fix for CVE-2019-3621 addresses an issue where it was possible to bypass the Windows lock screen. With certain DLP Endpoint configuration options, and when one or more DLP Endpoint processes are killed immediately before the screen is locked or while the screen is locked, an attacker with physical access to the machine can bypass the lock screen by inserting a USB drive into the machine. This would result in a notification window being displayed above the lock screen, through which the attacker could gain access to the user’s session.

McAfee Security Bulletin SB10290


buy me a coffee