![]() “The issue, as reported, affects the Application and Device Control component of Symantec Endpoint Protection. The security firm has rated the vulnerability as “medium severity,” but claims to be handling it “with the utmost urgency and care.” There’s no evidence that the flaw is being exploited in the wild, Symantec noted. Endpoint Protection Manager, Symantec Endpoint Protection SBE, SEP.cloud and Symantec Network Access Control are not impacted by the flaw. Symantec says the zero-day presented in the video affects all versions of Endpoint Protection clients 11.x and 12.x running Application and Device Control. The issues will also be reviewed at the company’s Advanced Windows Exploitation (AWE) course at the Black Hat security conference. The vulnerabilities, all of which are local, have been reported to CERT, which in turn notified Symantec, Aharoni told SecurityWeek. ![]() ![]() Mati Aharoni, CEO of Offensive Security, says they have found a total of three zero-days in their initial analysis, two of which they’ve managed to exploit successfully. Offensive Security, which is known for the Kali Linux penetration testing distribution, published a video to demonstrate one of the privilege escalation exploits and promised to provide additional details in the upcoming days. While conducting penetration testing for one of its customers, Offensive Security uncovered three zero-day vulnerabilities in Symantec Endpoint Protection (SEP) that can be exploited for privilege escalation.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |