
In the General section of the Create Antimalware Policy dialog box, enter a name and a description for the policy. On the Home tab, in the Create group, click Create Antimalware Policy. In the Assets and Compliance workspace, expand Endpoint Protection, and then click Antimalware Policies. In the Configuration Manager console, click Assets and Compliance. If the vulnerability is successfully exploited, the attacker bypasses the ADC to execute malicious code on the system with the same privileges as the logged-on user. For a list of settings that you can configure, see List of Antimalware Policy Settings in this topic. The driver prevents untrusted code from running on Windows systems. The third flaw (CVE-2015-8154) was in the SysPlant.sys driver, which Symantec Endpoint Protection loads on Windows clients as part of Application and Device Control (ADC) component. Symantec suggested reviewing existing users to make sure account access is granted to only those administrators who really need it. Authorized users can access the management console over the network or locally from the management server. When the management console processes the script, the code is executed and gives the attacker the privileged rights. Along with updating the software, Symantec recommended that IT administrators restrict remote access to the management console. They can intercept lower-level user credentials and bump up the privileges as needed. An authorized but less-privileged user could potentially trigger the flaw by embedding the malicious code inside a logging script, Symantec said. These vulnerabilities, if successfully exploited, make it easier for attackers because they no longer need to try to steal administrator-level credentials. The cross-site request forgery flaw (CVE-2015-8152) and SQL injection bug (CVE-2015-8153) in the SEP Management Console can be exploited to give authorized users more elevated privileges than originally assigned.

"Symantec product engineers have addressed these issues in SEP 12.1-RU6-MP4. Customers should update to RU6-MP4 as soon as possible to address these issues," Symantec said in the advisory. Symantec said there were no reports of any of these vulnerabilities being targeted in the wild.

The third bug bypasses security controls on the Symantec Endpoint Protection client software that prevent users from running untrusted software on the targeted system. Two of the flaws, if exploited, could let authorized low-level users gain higher privileges, Symantec said in its advisory. Symantec fixed three high-risk security vulnerabilities in Symantec Endpoint Protection last week, which serves as a reminder: Security software needs to be regularly patched, too. All three vulnerabilities were fixed in Symantec Endpoint Protection version 12.1.
