Symantec Endpoint Protection Exploitable Through Privilege Escalation Flaws

July 30th, 2014, 16:53 GMT · By Ionut Ilascu

A set of three zero-day vulnerabilities has been discovered in Symantec’s Endpoint Protection suite during a security audit at a company offering financial services.
The evaluation was conducted by a team of experts from Offensive Security, creators of the Kali Linux penetration testing tool.

They found that the same software designed to protect the company was actually the reason for its compromise.

An exploit has been created that allows a potential attacker to gain higher privileges on a machine protected by the security suite, and a video was made to prove its success. However, more details about the flaws and the code for the privilege escalation exploit remain unpublished until a later date, according to a post on Offensive Security.

The hackers found multiple vulnerabilities in Symantec Endpoint Protection; some of them are considered zero-days and have been reported to CERTs (computer emergency response teams).

By acquiring elevated access to the resources of a machine, an attacker could perform unauthorized actions as a system administrator that may lead to total compromise of the system. A privileged user can delete files, view private information, and add software.

Symantec Endpoint Protection is designed for safeguarding servers and workstations in corporate environments, which makes an attack leveraging its vulnerabilities highly dangerous.

Despite their role in protecting computers from malicious attacks, antivirus products are likely to have flaws because they, too, are software programs.

Roy Miehe | CEO/President
GFI Max Distributor
Where Service and Technical Skills Count
