Symantec issues update fixing Endpoint Protection zero-day
Posted on 07 August 2014.
Symantec has issued updates for its Endpoint Protection solution that fix the zero-day escalation of privilege vulnerability recently discovered by Offensive Security researchers.

"The issue, as reported, affects the Application and Device Control component of Symantec Endpoint Protection. This vulnerability is not accessible remotely and only affects SEP clients actually running Application and Device Control," the company explained in the updates advisory.

"If the vulnerability is exploited by accessing the computer directly, it could result in a client crash, denial of service, or, if successful, escalate to admin privileges and gain control of the computer," they say, and noted that they are not aware of instances of exploitation of this vulnerability.

They also noted that the vulnerability can't be exploited remotely, but as Offensive Security published the exploit code, the danger is very real.

The vulnerability affects all versions of Symantec Endpoint Protection clients 11.x and 12.x running Application and Device Control, and users are advised to update to 12.1 RU4 MP1b. Symantec Endpoint Protection 12.0 Small Business Edition is also affected, and users can remove the danger by updating to latest available build of SEP 12.1 Small Business Edition, which is not affected.

More details about the security weakness, as well as mitigations (if the update can't be applied immediately) can be found here.

Symantec is expected to address the other zero-days found in its Endpoint Protection solution in due time.

Offensive Security has shared information about some of the found vulnerabilities with CERTs, but others have been studied during the company's Advanced Windows Exploitation (AWE) course at the Black Hat 2014 conference this week.











Spotlight

How to talk infosec with kids

Posted on 17 September 2014.  |  It's never too early to talk infosec with kids: you simply need the right story. In fact, as cyber professionals itís our duty to teach ALL the kids in our life about technology. If we are to make an impact, we must remember that children needed to be taught about technology on their terms.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Thu, Sep 18th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //