Bleeping Computer’s article from January 21, 2022, states the following:
McAfee Enterprise (now rebranded as Trellix) has patched a security vulnerability discovered in the company’s McAfee Agent software for Windows enabling attackers to escalate privileges and execute arbitrary code with SYSTEM privileges.
McAfee Agent is a client-side component of McAfee ePolicy Orchestrator (McAfee ePO) that downloads and enforces endpoint policies and deploys antivirus signatures, upgrades, patches, and new products on enterprise endpoints.
The company has fixed the high severity local privilege escalation (LPE) flaw tracked as CVE-2022-0166 and discovered by CERT/CC vulnerability analyst Will Dormann issued security updates with the release of McAfee Agent 5.7.5 on January 18.
All McAfee Agent versions before 5.7.5 are vulnerable and allow unprivileged attackers to run code using NT AUTHORITY\SYSTEM account privileges, the highest level of privileges on a Windows system, used by the OS and OS services.
If you are running McAfee Agent, make sure to update and patch to the latest version.