A major security update 16.0.43 closes a vulnerability in McAfee's anti-virus software. Anyone using McAfee Total Protection on Windows should ensure that the application is up to date. Otherwise, attackers could gain access to systems through a security vulnerability and attackers could delete data.

Details about CVE-2022-0280

A race condition vulnerability exists in the Tracker Remover feature of McAfee Total Protection for Windows prior to 16.0.43 that allows a local user to gain privilege elevation and perform an arbitrary file delete. This could lead to sensitive files being deleted and potentially cause denial of service. This attack exploits the way symlinks are created and how the product works with them.

In a Security Bulletin, the software manufacturer assures that users should get version 16.0.43, which is protected against possible attacks, via the automatic update function. The fixed vulnerability (CVE-2021-0280) has a threat level of high.