Zero Day Exploits Detected In Symantec Endpoint Security.
Early reports today indicate that Symantec’s Endpoint Protection product has (3) three newly detected zero-day flaws that could allow any logged-in user to move up to a higher security access level on any computer, using the software.
The three flaws, all which are known as privilege escalation vulnerabilities, were found during recent security tests made by a financial services company that specializes in security penetration testing software.
Theses flaws have been reported to computer emergency response teams, including Symantec, who indicated that it is aware of the flaws and is currently investigating them.
Specifically, the flaws allow for greater access to a computer where a person is already logged in. This type of access can be used to open up wider system access, and has the potential to allow for other attacks, including those that give the logged in user domain administrator privileges and access. Potentially, this could put your entire network at risk for a variety of attacks.
Because of the large install base of this software product, and the fact that it is more commonly used on large networks, it opens up the possibility for greater harm, should the exploit be used in the wild.
The exploit example also points out the dire need to make sure all systems have the necessary security service packs install and have sufficient security set for system and network users that will minimize, if not prevent any possible attack vectors.
If you would like help in evaluating your vulnerabilities, please contact the CCS Retail Systems Support Department.