While testing the systems and networks of a financial services company, a team of penetration testers from Offensive Security unearthed a number of vulnerabilities, including three privilege escalation zero-day bugs affecting Symantec Endpoint Protection, the firm’s security software of choice.
“Ironically, the same software that was meant to protect the organization under review was the reason for its compromise,” they noted, and posted a video demonstrating the exploitation of a 0-day in the security solution.
The biggest irony is that Symantec Endpoint Protection, among other things, aims to protect users against zero-day attacks.
The company has shared information about some of the vulnerabilities it found with CERTs, but others will be studied during the company’s Advanced Windows Exploitation (AWE) course next week at the Black Hat 2014 conference.
According to Jeremy Kirk, Symantec has also been made aware of the existence of these flaws and is looking into the matter.
As Joxean Koret, a researcher with Singapore-based Coseinc, has recently noted, installing any application on your computer makes you a bit more vulnerable, and that includes security software.
Your attack surface increases, and there is no guarantee that the security application itself does not have more or less critical security flaws that can be exploited. Security software is as vulnerable to attacks as any other application, he says, adding that he found that some security solutions can also weaken the operating system’s exploit mitigations.