No available fix yet for zero-day flaws of Symantec's Endpoint Protection

Three zero-day flaws have been found in Symantec's Endpoint Protection antivirus, with no fix yet available for any of them.

The flaws, which allow users to gain higher access levels on computers they are already logged in to, are known as privilege escalation vulnerabilities.

The flaws were reported by Offensive Security, which found them during a security test for a financial services company, said Offensive Security developer and lead trainer Mati Aharoni.

Offensive Security, which is famous for the Kali Linux software, posted a short video on its website showing how the flaws can be exploited.

"Ironically, the same software that was meant to protect the organization under review was the reason for its compromise," the company said, adding that it will be publishing and releasing the code for exploit in the coming days.

Offensive Security has already reported the flaws to the computer emergency response team, and Symantec has also been informed of the possible exploits in its antivirus software.

When users take advantage of the flaw to gain complete system access to a computer where they are logged in, many other attack possibilities open up, including hash dumping and the identification of cached credentials of the system's administrators.

The Endpoint Protection software was used by the financial services company on up to thousands of computers, said Aharoni. Offensive Security did not specifically target the software during its security test, but found the flaws and recognized the potential for widespread damage if they were exploited.

Symantec released an advisory regarding the issue, stating that the flaws are found in the Application and Device Control component of the software with versions 11.x and 12.x. Symantec added that the flaw is not remotely accessible, and that it only affects computers that are running the affected component.

While Symantec investigates the matter, the company said that the issue can be mitigated by disabling the Application and Device Control driver or uninstalling the component completely on versions 12.x, or by withdrawing the component's policy on versions 11.x.

There is no patch yet to fix what Symantec terms as a "medium severity" vulnerability. The company is currently conducting research to identify the best possible solution for the problem.

Aharoni said that the company will be looking to preview proof-of-concept code for the flaw that was found in the Endpoint Protection software at Offensive Security's Advanced Windows Exploitation, which is a training class to be held at the Black Hat security conference next month in Las Vegas.

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.