Find a Question:
Symantec warns of vulnerabilities in endpoint protection
Symantec recommends that users of its Endpoint Protection software, SEP, to upgrade their systems. There are three vulnerabilities come to light in the package for central management of security for enterprise environments.
Symantec Endpoint protection Two of the bugs, a cross-site scripting and SQL injection vulnerability, sitting in the control panel of the SEP. That is via a browser accessible, which can be logged in over a network or locally on the SEP management server. If a user is logged on to the console, higher charges may be obtained by xss or sql injection.
The other bug is a driver, SysPlant.sys. it is possible to bypass security checks SEP via the bug in the driver. It comes to protection against turning bad or untrusted code on computers within the network where SEP on running. If the driver does not work anymore, malicious code can be executed.
The advice Symantec states to upgrade as soon as possible to version 12.1 RU6 MP4 Symantec Endpoint Protection. In this version, the vulnerabilities are resolved. The company also advises the adminstrator access to the SEP console to minimize. For the time being it is not known that there is abuse of the vulnerabilities.Viewing:-102
Answer this Question
You must be Logged In to post an Answer.
Not a member yet? Sign Up Now »
Star Points Scale
Earn points for Asking and Answering Questions!