Your IT Consultant

Information Technology Blog
by John W. Simek, Vice President of Sensei Enterprises, Inc.

Zero Day Vulnerability Found in Symantec Endpoint Protection

August 4, 2014

SC Magazine reported that researchers with Offensive Security, while performing a penetration test of a financial services firm, discovered a vulnerability in Symantec’s Endpoint Protection (SEP) product that can enable escalation of privileges. In other words, this is a security product that isn’t secure.

The flaw is contained in the Application and Device Control driver, which is used in the 11.x and 12.x versions of Endpoint Protection. According to Symantec, no compromises have been reported so far. At this point it is unclear whether users will have to reinstall SEP or whether Symantec can issue a patch.

Symantec has posted a technical solution to mitigate the situation while it is being investigated. Symantec recommends disabling or uninstalling the Application and Device Control driver for those running SEP 12.1. It is suggested that SEP 11.x users withdraw the Application and Device Control policy.

Phone: 703.359.0700
Digital Forensics/Information Security/Information Technology
http://www.senseient.com