Early last week Symantec issued security updates to address 3 critical CVEs within their Endpoint Protection Manager and Endpoint Protection Client products.
Why Should These Issues Be Considered Important?
Symantec Endpoint Protection Manager (SEPM) was found to be vulnerable to arbitrary Java command execution if an unauthenticated user (i.e. a person with no previous access to your Symantec EPM) could access the Java port of the EPM console. In addition, this server was found to not properly handle external data, which could lead to code execution with elevated privileges.
The third and final vulnerability was located in the Symantec Endpoint Protection (SEP) clients, which were susceptible to a DLL preloading attack. If an attacker had access to a client and placed a DLL of their choice into an install package for the client, this could have resulted in the attacker being able to run/execute code of their choice (i.e. have that code carried out) with System level privileges, meaning that the code could cause a lot more damage than if it had only obtained administrative privileges.
How Can I Protect Myself From These Issues?
Symantec issued a security advisory which contains details of the necessary updates to address these 3 critical issues, which were responsibly disclosed to Symantec. Please note the download link for these updates requires the serial number of your Symantec product in order to proceed.
Moreover, Symantec provides further best practice advice to minimize the impact of these issues within their advisory. They have also released updated IPS (Intrusion Prevention System) signatures to prevent attempts to exploit the Java Code Execution Elevation of Privilege issue.
If you make use of the affected Symantec corporate anti-malware products within your organization, please install the relevant updates as soon as possible.