Zero-day flaws affect Symantec Endpoint Protection

Penetration testers at Offensive Security discovered zero-day flaws in Symantec Endpoint Protection that could be exploited to gain full system access.

Yesterday I reported the results of the study conducted by the security researcher Joxean Koret, which publicly revealed a series of flaws affecting 14 of 17 major antivirus engines. The security experts remarked that antivirus products are software like any other, and that installing them can actually enlarge the user's attack surface, since the products may carry security flaws of their own.

Antivirus products are continually challenged by security experts over their real effectiveness, and today another piece of news is worrying the cyber security industry: Symantec's popular Endpoint Protection product is affected by three zero-day flaws that attackers could exploit for privilege escalation.

A privilege escalation attack grants an attacker who is already logged in elevated access to the network and its resources (e.g. data and applications).


The experts at Offensive Security, best known for the Kali Linux penetration testing distribution, discovered several critical flaws during an audit of Symantec's Endpoint Protection product; some of them will be discussed in a presentation at the next Black Hat conference in August. Offensive Security plans to preview proof-of-concept code during its “Advanced Windows Exploitation” training class at the conference in Las Vegas.

“In a recent engagement, we had the opportunity to audit the Symantec Antivirus Endpoint Protection solution, where we found a multitude of vulnerabilities. Some of these made it to CERT, while others have been scheduled for review during our upcoming AWE course at Black Hat 2014, Las Vegas. Ironically, the same software that was meant to protect the organization under review was the reason for its compromise.” states an announcement published by Offensive Security on their website.

The experts at Offensive Security will release the code for the privilege escalation exploit in the coming days; in the meantime, they have already published a proof-of-concept video.


The three privilege escalation vulnerabilities have already been reported to computer emergency response teams, but Symantec has not yet replied.

The representatives of Offensive Security did not specifically target Symantec Endpoint Protection during the audit.

Consider the potential effects of large-scale exploitation of this kind of vulnerability in Symantec Endpoint Protection products: a bad actor could exploit a critical flaw to gain access to “hundreds if not thousands of computers” in a financial services company.

Pierluigi Paganini

Security Affairs – (Antivirus, Symantec)