Critical Vulnerabilities Completely Compromise 'Symantec Endpoint Protection' - WSPA.com

Critical Vulnerabilities Completely Compromise 'Symantec Endpoint Protection'

Information contained on this page is provided by an independent third-party content provider. WorldNow and this Station make no warranties or representations in connection therewith. If you have any questions or comments about this page please contact pressreleases@worldnow.com.

SOURCE SEC Consult Security Advisory

VIENNA, February 18, 2014 /PRNewswire/ --

The award-winning [1] and longtime leader of Gartner report league tables [2]; 'Symantec Endpoint Protection', developed by the US-based Symantec Corp. (Nasdaq: SYMC), was shipped without removing several critical security vulnerabilities [3]. The vulnerabilities were discovered in a routine '99er' security crash test by experts of the SEC Consult Vulnerability Lab (http://www.sec-consult.com). In a 99er security crash test, SEC Consult white-hat experts evaluate the product security for the maximum of 99 working hours to determine if this specific release of a product can be compromised by attackers.

The unremoved vulnerabilities enable state-sponsored or criminal hackers to take full control of the 'Symantec Endpoint Protection Manager' server. With the full control of the server the attackers could obliterate the endpoint protection provided by the Symantec solution as they would have full access to the protection features of the endpoints. SEC Consult experts recommend immediately installing the update released by the vendor to counter these vulnerabilities [4].

Since mid-2012 SEC Consult has identified several critical vulnerabilities in other Symantec products during routine security tests. A Support Backdoor was identified in Symantec Messaging Gateway [5] and for the Symantec Web Gateway [6]. The vulnerabilities found enabled attackers to run commands with the privileges of the 'root' operating system user and to perform surveillance activities.

SEC Consult strongly advises that customers of Symantec products should demand from the vendor exhaustive security tests by (European) security experts before the implementation of the respective software product.

SEC Consult generally recommends routine security crash tests for standard software products to prevent the procurement of 'toxic' (i.e. heavily insecure) software. Toxic Software contains severe security vulnerabilities and poses a severe and highly probable risk to the confidentiality, availability and integrity of its owner.

Further technical information can be found in the SEC Consult Security Advisory [3].

[1] http://www.scawardseurope.com/2013-winners

[2] http://www.symantec.com/connect/blogs/symantec-named-leader-gartner-magic-quadrant-endpoint-protection-platforms-12-year-span

[3] https://www.sec-consult.com/de/Vulnerability-Lab/Advisories.htm

[4]http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140213_00

[5] https://www.sec-consult.com/en/Vulnerability-Lab/Advisories.htm#a99

[6] https://www.sec-consult.com/en/Vulnerability-Lab/Advisories.htm#a131 

For further information please contact:
Johannes Greil
Head of SEC Consult Vulnerability Lab
Phone: +43189030430
research@sec-consult.com

©2012 PR Newswire. All Rights Reserved.

  • Top StoriesTop StoriesMore>>

  • Union Sheriff: Judicial System Failing Citizens After Robbery Arrests

    Union Sheriff: Judicial System Failing Citizens After Robbery Arrests

    Wednesday, April 23 2014 3:42 PM EDT2014-04-23 19:42:28 GMT
    Several law enforcement agencies across the Upstate say they have two suspects in custody who were involved in a string of armed robberies in at least 10 jurisdictions dating back about one month.
    Several law enforcement agencies across the Upstate say they have two suspects in custody who were involved in a string of armed robberies in at least 10 jurisdictions dating back about one month.
  • No Suspension For Simpsonville Mayor Eichor Until May

    No Suspension For Simpsonville Mayor Eichor Until May

    Wednesday, April 23 2014 2:27 PM EDT2014-04-23 18:27:21 GMT
    Simpsonville Mayor Perry Eichor won't be suspended from office by Governor Haley until at least next month. The governor indicated she would suspend Eichor once she got indictments against him.
    Simpsonville Mayor Perry Eichor won't be suspended from office by Governor Haley until at least next month. The governor indicated she would suspend Eichor once she got indictments against him.
  • Gaffney Woman Dies From Vehicle Crash Injuries

    Gaffney Woman Dies From Vehicle Crash Injuries

    Wednesday, April 23 2014 11:15 AM EDT2014-04-23 15:15:32 GMT
    The Cherokee County Coroner says a 73-year-old Gaffney woman injured in a car accident last week has died.The Cherokee County Coroner says a 73-year-old Gaffney woman injured in a car accident last week has died.
    The Cherokee County Coroner says a 73-year-old Gaffney woman injured in a car accident last week has died. Coroner Dennis Fowler says Rachel Lail Smith died Tuesday night at 10 at Spartanburg Regional Medical Center.
    The Cherokee County Coroner says a 73-year-old Gaffney woman injured in a car accident last week has died. Coroner Dennis Fowler says Rachel Lail Smith died Tuesday night at 10 at Spartanburg Regional Medical Center.
Powered by WorldNow

250 International Dr.
Spartanburg, S.C. 29303

Telephone: 864.576.7777
Fax: 864.587.5430
Email: webmaster@wspa.com

Can't find something?
Powered by WorldNow
All content © Copyright 2000 - 2014 Media General Communications Holdings, LLC. A Media General Company.