The Channel logo


By | Shaun Nichols 18th March 2016 00:26

Symantec warns of serious security holes – in Symantec security kit

Even the gatekeepers need patching

Symantec is advising users of its Endpoint Protection (SEP) software to update their systems, after three vulnerabilities were reported in the computer defense tools.

Two of the bugs – a cross-site scripting (XSS) flaw, and a SQL injection vulnerability – are in the SEP Management Console, a web-based portal you can log into over a network or locally on the SEP management server. Both of the programming blunders can be exploited by a user logged into the console to gain higher privileges within the system.

The other bug, in SEP's SysPlant.sys driver, can be exploited to bypass SEP's security controls, which are supposed to stop users from running dodgy or untrusted code on their work PCs. With the driver sidestepped, malicious code can take a shot at attacking a machine.

"Successfully bypassing security controls could potentially result in targeted arbitrary code execution on a client system with logged-on user privileges," Symantec notes. "Exploitation attempts of this type generally use known methods of trust exploitation requiring enticing a currently authenticated user to access a malicious link or open a malicious document in a context such as a website or in an email."

IT admins are advised to update SEP v12.1 and earlier to version 12.1 RU6 MP4. Symantec also recommends that administrators restrict remote access to the SEP console for good measure, and review accounts to make sure only those who need administrative access have it.

The XSS flaw, CVE-2015-8152, can be exploited by a logged-in user who must embed malicious code in a logging script. This code is then executed by the SEPM console, effectively giving the user higher-level access to the SEP control system. Discovery of the vulnerability was credited to Anatoly Katyushin of Kaspersky Labs.

The SQL injection flaw, CVE-2015-8153, can be exploited by a logged-in attacker to hijack the SEPM console and elevate their privileges to administrator level. Discovery credit was, again, given to Katyushin.

The third vulnerability, CVE-2015-8154, regarding the sysplant.sys Windows driver was discovered by the enSilo Research Team.

None of the vulnerabilities has been reported to be targeted in the wild. ®

comment icon Read 5 comments on this article or post a comment alert Send corrections


Frank Jennings

What do you do? Use manual typwriters or live in a Scottish croft? Our man advises
A rusty petrol pump at an abandoned gas station. Pic by Silvia B. Jakiello via shutterstock

Trevor Pott

Among other things, Active Directory needs an overhaul
Baby looks taken aback/shocked/affronted. Photo by Shutterstock

Kat Hall

Plans for 2 million FTTP connections in next four years 'not enough'
Microsoft CEO Satya Nadella


Suit-and-tie-wearing man tries to meditate, take deep breaths in faux yoga pose. Photo by Shutterstock
Emotional intelligence, not tech skills, is the way to woo suits
League of gentlemen poster - Tubbs and Edward at the local shop. Copyright BBC
One reselling man tells his tale of woe