Critical Symantec Endpoint Protection Vulnerability
Google's "Project Zero" released details about a number of critical vulnerabilities in Symantec's Endpoint Protection prodoct [1]. The vulnerabilities allow for arbitrary code execution on systems with this product installed. Other Symantec products are affected as well , since the vulnerabilities affect the core scanning engine in Symantec Endpoint Protection.
Symantec has released updates, and given the details released by Google you should update as soon as possible. You will need to update the actual Symantec product, which is different from performing a signature update (the signature update happens automatically)
[1] http://googleprojectzero.blogspot.ca/2016/06/how-to-compromise-enterprise-endpoint.html
Keywords:
7 comment(s)
My next class:
Network Monitoring and Threat Detection In-Depth | Singapore | Nov 18th - Nov 23rd 2024 |
×
Diary Archives
Comments
Anonymous
Jun 29th 2016
8 years ago
Anonymous
Jun 30th 2016
8 years ago
Anonymous
Jun 30th 2016
8 years ago
"But we've done it that way for decades! What could possibly go wrong?"
Anonymous
Jun 30th 2016
8 years ago
This is a product that would touch almost each and every endpoint in an organisation. Before rolling out it would have to go through a process of testing to ensure that it does not bring with it any instability or incompatibility that wasnt present in past versions.
I would expect to see at least a 2 month gap before mass rollouts happen.
Anonymous
Jul 2nd 2016
8 years ago
Anonymous
Jul 3rd 2016
8 years ago
It would be interesting to know if AV would benefit from the opt-in protections of EMET.
Typically I think of high risk user apps for ideal targets with EMET (Docs, Browsers, Email, Flash, etc.) and I never considered AV as a candidate, but seems like the attacks(Heap, Pool, ROP) should be right up EMETs ally unless the level of privileges or way the unpacking is done in kernel makes EMET unable to protect the memory?
Anonymous
Jul 5th 2016
8 years ago