Symantec issues update fixing Endpoint Protection zero-day

Symantec has issued updates for its Endpoint Protection solution that fix the zero-day escalation of privilege vulnerability recently discovered by Offensive Security researchers.

“The issue, as reported, affects the Application and Device Control component of Symantec Endpoint Protection. This vulnerability is not accessible remotely and only affects SEP clients actually running Application and Device Control,” the company explained in the updates advisory.

“If the vulnerability is exploited by accessing the computer directly, it could result in a client crash, denial of service, or, if successful, escalate to admin privileges and gain control of the computer,” they say, and noted that they are not aware of instances of exploitation of this vulnerability.

They also noted that the vulnerability can’t be exploited remotely, but as Offensive Security published the exploit code, the danger is very real.

The vulnerability affects all versions of Symantec Endpoint Protection clients 11.x and 12.x running Application and Device Control, and users are advised to update to 12.1 RU4 MP1b. Symantec Endpoint Protection 12.0 Small Business Edition is also affected, and users can remove the danger by updating to latest available build of SEP 12.1 Small Business Edition, which is not affected.

More details about the security weakness, as well as mitigations (if the update can’t be applied immediately) can be found here.

Symantec is expected to address the other zero-days found in its Endpoint Protection solution in due time.

Offensive Security has shared information about some of the found vulnerabilities with CERTs, but others have been studied during the company’s Advanced Windows Exploitation (AWE) course at the Black Hat 2014 conference this week.

Don't miss