Privilege Escalation Flaws in Symantec Endpoint Protection Fixed

[Matsuda]

After being alerted about some privilege escalation vulnerabilities in its Endpoint Protection product on July 29, Symantec immediately released an advisory with mitigation solutions, and now it has made available a patch for administrators.

They need to access the FileConnect service and download the Symantec Endpoint Protection 12.1 Release Update 4 Maintenance Patch 1b (RU4 MP1b), which updates the product to version 12.1.4112.4156. Theclient update can be applied to version 11.0 of the product too.

Offensive Security, the organization that alerted Symantec of the flaws, developed an exploit to prove unauthorized successful escalation of privileges in the software. With the release of the patch, they also published the exploit code, which is available here.

The immediate measures taken by Symantec as soon as it learned of the security glitches involved making available to customers a workaround solution until the availability of a proper patch.

It consisted in disabling or uninstalling the Application and Device Control (ADC) driver from the affected versions of the product.

The vulnerability (ADC buffer overflow) reported by Offensive Security allows an attacker to gain administrator privileges on the affected machine, which could lead to full compromise of the computer.

However, Symantec labeled it as posing medium risk because the attack cannot be carried out from a remote location.



Source: http://news.softpedia.com/news/Privilege-Escalation-Flaws-in-Symantec-Endpoint-Protection-Fixed-453791.shtml#

[AndyMutz]

Symantec Endpoint Protection English Clients v12.1.4112.4156:

x64: http://anonymz.com/?http://esdownload.symantec.com/akdlm/CD/MTV/Symantec_Endpoint_Protection_12.1.4_MP1b_Win64-bit_Client_EN.exe

x86: http://anonymz.com/?http://esdownload.symantec.com/akdlm/CD/MTV/Symantec_Endpoint_Protection_12.1.4_MP1b_Win32-bit_Client_EN.exe

-andy-

[Matsuda]

Symantec Endpoint Protection English Clients v12.1.4112.4156:

x64: http://anonymz.com/?http://esdownload.symantec.com/akdlm/CD/MTV/Symantec_Endpoint_Protection_12.1.4_MP1b_Win64-bit_Client_EN.exe

x86: http://anonymz.com/?http://esdownload.symantec.com/akdlm/CD/MTV/Symantec_Endpoint_Protection_12.1.4_MP1b_Win32-bit_Client_EN.exe

-andy-

Access Denied.

[user@nsaneforums]

Symantec Endpoint Protection English Clients v12.1.4112.4156:

x64: http://anonymz.com/?http://esdownload.symantec.com/akdlm/CD/MTV/Symantec_Endpoint_Protection_12.1.4_MP1b_Win64-bit_Client_EN.exe

x86: http://anonymz.com/?http://esdownload.symantec.com/akdlm/CD/MTV/Symantec_Endpoint_Protection_12.1.4_MP1b_Win32-bit_Client_EN.exe

-andy-

Access Denied.

open this link first

https://www4.symantec.com/Vrt/offer?a_id=117135

then try to download

[Matsuda]

Symantec Endpoint Protection English Clients v12.1.4112.4156:

x64: http://anonymz.com/?http://esdownload.symantec.com/akdlm/CD/MTV/Symantec_Endpoint_Protection_12.1.4_MP1b_Win64-bit_Client_EN.exe

x86: http://anonymz.com/?http://esdownload.symantec.com/akdlm/CD/MTV/Symantec_Endpoint_Protection_12.1.4_MP1b_Win32-bit_Client_EN.exe

-andy-

Access Denied.

open this link first

https://www4.symantec.com/Vrt/offer?a_id=117135

then try to download

lol, worked now. thanks man/girl. :)

[Supremo Phantom]

For the latest SEP v12.1.4112.4156 release, download links and additional info shared here:

//www.nsaneforums.com/topic/226939-symantec-endpoint-protection-v12141124156/

Hope this helps.

Thanks.