Symantec Addresses Information Disclosure Issue within Endpoint Encryption Products

Earlier this month Symantec made available a security update to address a medium-severity information disclosure issue (which was assigned one CVE (defined) number) within their Endpoint Encryption product (version 11.0 and earlier).

Why Should This Issue Be Considered Important?
The Symantec Endpoint Encryption (SEE) client (which would be installed on servers, workstations and laptops) was found to be vulnerable to a forced memory dump issue within the SEE Framework Service (EACommunicatorSrv.exe). If an authorized but unprivileged user has access to a system with the vulnerable version of Endpoint Encryption installed, they could potentially obtain, from the forced memory dump, the domain user credentials of the SEE Management Server (SEEMS). Using these credentials, they could obtain unauthorized access to further systems using the management server.

How Can I Protect Myself From This Issue?
Symantec issued a security advisory which contains details of the necessary update to address this issue, which was responsibly disclosed (defined) to Symantec. Please note that the download link for this update requires the serial number of your Symantec product in order to proceed.

Moreover, Symantec provides further best-practice advice within their advisory to minimize the impact of this issue.

If you are using the affected Symantec corporate encryption product within your organization, please install the relevant update as soon as possible.

Thank you.
