Symantec Fixes Zero Day

Tuesday, August 12, 2014 @ 11:08 AM gHale


There is now a fix for the Zero Day escalation of privilege vulnerability for Symantec’s Endpoint Protection (SEP) solution.

“The issue, as reported, affects the Application and Device Control component of Symantec Endpoint Protection. This vulnerability is not accessible remotely and only affects SEP clients actually running Application and Device Control,” Symantec officials said in its advisory.

RELATED STORIES
Zero Days: Symantec’s Endpoint Protection
Mitigating Havex, an ICS Threat
Havex an ICS Game Changing Threat
Havex Varient Brings Attack via OPC

“If the vulnerability is exploited by accessing the computer directly, it could result in a client crash, denial of service, or, if successful, escalate to admin privileges and gain control of the computer,” they said. There are no known exploits of the vulnerability.

Offensive Security, which discovered the vulnerability and published the exploit code, said there is danger in the vulnerability whether it is remotely exploitable or not.

The vulnerability affects all versions of Symantec Endpoint Protection clients 11.x and 12.x running Application and Device Control, and users should update to 12.1 RU4 MP1b. Symantec Endpoint Protection 12.0 Small Business Edition also suffers from the problem, and users can remove the danger by updating to latest available build of SEP 12.1 Small Business Edition.

Click here for more details about the security weakness, as well as mitigations if the user cannot update.

Symantec will address other Zero Days found in its Endpoint Protection solution shortly.



Leave a Reply

You must be logged in to post a comment.