Researchers recently disclosed a number of vulnerabilities found in Symantec’s endpoint protection products, one of which was classified as a zero-day vulnerability, allowing attackers to gain full privileges on an affected system, the US-CERT team warns.
Offensive Security’s research team reported that the bugs were discovered during an audit of Symantec’s solution.
“Ironically, the same software that was meant to protect the organization under review was the reason for its compromise,” read the team’s blog post.
The vulnerability affects all versions of Symantec Endpoint Protection (SEP) Client 12.x and 11.x running Application and Device Control.
The following products are not affected:
- SEP Manager
- SEP Protection 12.1, Small Business Editions
- Symantec Network Access Control
Symantec confirmed the issue in its services and released a critical update, stating, “If the vulnerability is exploited by accessing the computer directly, it could result in a client crash, denial of service, or, if successful, escalate to admin privileges and gain control of the computer.”
In addition to the critical flaw, researchers reported other vulnerabilities that are being reviewed during Offensive Security’s Advanced Windows Exploitation (AWE) course at the Black Hat USA conference this week.
Offensive Security plans to make the exploit code available soon and has posted a video demonstrating the exploitation process.