Code Execution Vulnerability Found In Symantec Endpoint Protection – Digitalmunition


Published on November 17th, 2019



Symantec now joins the list of antivirus vendors with vulnerable tools. Researchers have found a serious vulnerability in Symantec Endpoint Protection software. Exploiting this flaw could allow an attacker to execute code on the target system.

Symantec Endpoint Protection Vulnerability

Researchers from SafeBreach Labs have found a serious vulnerability in another antivirus program. This time, they have found the vulnerability in Symantec Endpoint Protection.

Explaining this local privilege escalation vulnerability in a blog post, the researchers stated,

We found a service (SepMasterService) of the Symantec Endpoint Protection which is running as signed process and as NT AUTHORITY\SYSTEM, which is trying to load the following DLL which doesn’t exist:

Thus, it became possible for an attacker to execute code by uploading an arbitrary DLL while bypassing the self-defense mechanism. The researchers have shared the proof-of-concept for the exploit in their report. As stated,

We were able to load an arbitrary Proxy DLL (which loaded another arbitrary DLL) and execute our code within a service’s process which is signed by Symantec Corporation as NT AUTHORITY\SYSTEM.

Consequently, exploiting this bug could allow an attacker to gain SYSTEM access, bypass app whitelisting, and persistently run malicious code.
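For defenders, the pattern described above (a signed service running as NT AUTHORITY\SYSTEM that loads a DLL nobody vetted) can be hunted in module-load telemetry. The following is an added example, not code from SafeBreach or Symantec: the events are constructed, use Sysmon Event ID 7 (ImageLoad) field names, and every path, signer name and the watched service binary are hypothetical placeholders.

```python
from pathlib import PureWindowsPath

SYSTEM = r"NT AUTHORITY\SYSTEM"
# Assumption: directories that only administrators can write to.
TRUSTED_DIRS = [PureWindowsPath(r"C:\Windows\System32"),
                PureWindowsPath(r"C:\Program Files\ExampleAV")]
# Hypothetical watched service binary -> signers expected on its modules.
SERVICE = r"C:\Program Files\ExampleAV\service.exe"
WATCHED = {PureWindowsPath(SERVICE): {"Example AV Corp", "Microsoft Windows"}}

def ev(loaded, signed, signer, status, image=SERVICE, user=SYSTEM):
    """Build one constructed event with Sysmon ImageLoad field names."""
    return {"Image": image, "ImageLoaded": loaded, "Signed": signed,
            "Signature": signer, "SignatureStatus": status, "User": user}

# CONSTRUCTED sample events (not taken from any real host).
SAMPLE_EVENTS = [
    ev(r"C:\Program Files\ExampleAV\engine.dll", "true", "Example AV Corp", "Valid"),
    ev(r"C:\Windows\System32\version.dll", "true", "Microsoft Windows", "Valid"),
    ev(r"C:\ExampleTools\bin\proxy.dll", "false", "-", "Unavailable"),
    ev(r"C:\Program Files\ExampleAV\helper.dll", "true", "Unrelated Software Ltd", "Valid"),
    ev(r"C:\ExampleTools\bin\proxy.dll", "false", "-", "Unavailable",
       image=r"C:\Users\alice\app.exe", user=r"DESKTOP\alice"),
]

def suspicious_loads(events):
    """Return (dll_path, reasons) for risky loads into watched SYSTEM services."""
    findings = []
    for e in events:
        signers = WATCHED.get(PureWindowsPath(e["Image"]))
        if signers is None or e["User"].upper() != SYSTEM:
            continue  # not a watched service running as SYSTEM
        reasons = []
        if e["Signed"].lower() != "true" or e["SignatureStatus"] != "Valid":
            reasons.append("unsigned-or-invalid")
        elif e["Signature"] not in signers:
            reasons.append("unexpected-signer")
        dll = PureWindowsPath(e["ImageLoaded"])
        # Windows path comparison is case-insensitive via PureWindowsPath.
        if not any(d in dll.parents for d in TRUSTED_DIRS):
            reasons.append("outside-trusted-dir")
        if reasons:
            findings.append((e["ImageLoaded"], reasons))
    return findings

if __name__ == "__main__":
    for path, reasons in suspicious_loads(SAMPLE_EVENTS):
        print(path, reasons)
```

On the constructed data, the unsigned DLL loaded from outside the trusted directories and the DLL with an unexpected signer are reported, while the same unsigned DLL loaded by an ordinary user process is ignored.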

Symantec Issued A Fix

After discovering the bug, the researchers reported it to Symantec in August 2019, and the vendor confirmed it the next day.

Recently, Symantec issued a fix for this vulnerability, which is tracked as CVE-2019-12758. The fix for the LPE flaw is already available in the Symantec Endpoint Protection 14.2 RU2 release. Users must therefore upgrade their systems to the patched version to stay protected from potential attacks.

Recently, SafeBreach Labs has also reported vulnerabilities in other critical programs, including all editions of McAfee Antivirus, Check Point’s Endpoint Security Initial Client software for Windows, and Bitdefender Antivirus Free 2020.

Let us know your thoughts in the comments.

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world!
