Results 1 to 1 of 1
-
6th Aug 2014, 05:32 PM #1
Privilege Escalation Flaws in Symantec Endpoint Protection Fixed
After being alerted about some privilege escalation vulnerabilities in its Endpoint Protection product on July 29, Symantec immediately released an advisory with mitigation solutions, and now it has made available a patch for administrators.
They need to access the FileConnect service and download the Symantec Endpoint Protection 12.1 Release Update 4 Maintenance Patch 1b (RU4 MP1b), which updates the product to version 12.1.4112.4156. The client update can be applied to version 11.0 of the product too.
Offensive Security, the organization that alerted Symantec of the flaws, developed an exploit to prove unauthorized successful escalation of privileges in the software. With the release of the patch, they also published the exploit code, which is available here.
The immediate measures taken by Symantec as soon as it learned of the security glitches involved making available to customers a workaround solution until the availability of a proper patch.
It consisted in disabling or uninstalling the Application and Device Control (ADC) driver from the affected versions of the product.
The vulnerability (ADC buffer overflow) reported by Offensive Security allows an attacker to gain administrator privileges on the affected machine, which could lead to full compromise of the computer.
However, Symantec labeled it as posing medium risk because the attack cannot be carried out from a remote location.Kepler Reviewed by Kepler on . Privilege Escalation Flaws in Symantec Endpoint Protection Fixed http://i1-news.softpedia-static.com/images/news-700/Privilege-Escalation-Flaws-in-Symantec-Endpoint-Protection-Fixed.jpg After being alerted about some privilege escalation vulnerabilities in its Endpoint Protection product on July 29, Symantec immediately released an advisory with mitigation solutions, and now it has made available a patch for administrators. They need to access the FileConnect service and download the Symantec Endpoint Protection 12.1 Release Update 4 Rating: 5
Sponsored Links
Thread Information
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)
Similar Threads
-
need help in fixing double spacing in wordpres.
By monsterfish in forum Webmaster DiscussionReplies: 6Last Post: 27th Oct 2010, 02:32 AM -
Need some fixing in vB DDL submitter
By pankaj in forum Technical Help Desk SupportReplies: 2Last Post: 8th Jun 2010, 03:26 AM -
columns need to be fixed in forum
By bluedevil in forum vBulletinReplies: 4Last Post: 17th Feb 2010, 03:45 PM -
Fix the cookie problem in vB
By Royal King in forum Tutorials and GuidesReplies: 5Last Post: 7th Feb 2010, 02:28 PM -
Symantec Awarded $18.6 Million In Judgments From Two Anti-Piracy Cases
By DeathKnell in forum News & Current EventsReplies: 4Last Post: 15th Jul 2009, 10:16 AM
themaLeecher - leech and manage...
Version 4.94 released. Open older version (or...