Zero Days: Symantec’s Endpoint Protection

Thursday, July 31, 2014 @ 01:07 PM gHale

Symantec’s Endpoint Protection product has three Zero Days that could allow a user who is already logged in to a computer to gain a higher level of access on that machine, researchers said.

The three flaws, all privilege escalation vulnerabilities, were discovered during a security test of a financial services company, said Mati Aharoni, lead trainer and developer for Offensive Security.

Offensive Security released a video demonstrating a successful exploit. It plans to preview proof-of-concept code during its “Advanced Windows Exploitation” training class at the Black Hat security conference in Las Vegas next week.

The flaws were reported to computer emergency response teams. Symantec said it is aware of the reported flaws and is investigating.

The flaws grant greater access on a computer where a person is already logged in. From there, that access can be leveraged into system-level access, which opens up the potential for further attacks, such as dumping password hashes or identifying the cached credentials of domain administrators, Aharoni said.

Offensive Security didn’t specifically target Endpoint Security during its penetration test, but realized that if the product did have a flaw, it would result in a catastrophic compromise, Aharoni said. Endpoint Protection was running on “hundreds if not thousands of computers” in the financial services company, Aharoni said.
