On the 17th of March Symantec issued security updates to address 3 critical CVEs (defined) within their Endpoint Protection Manager and Endpoint Protection Client products. All versions prior to 12.1-RU6-MP4 are affected.
Why Should These Issues Be Considered Important?
Symantec Endpoint Protection Manager (SEPM) was found to be vulnerable to three security issues (discussed below):
The first issue was a cross-site request forgery vulnerability (defined here, here and here) caused by insufficient security checks. If exploited this issue could allow an attacker to execute arbitrary code (run or carry out any steps/instructions of their choice) with the permissions/access of the logged in user. This could result in the attacker obtaining unauthorized and/or elevated access to the Symantec Endpoint Protection Manager (SEPM) management console.
An SQL injection issue (defined) was found in SEPM which if exploited would again possibly allow an attacker to obtain unauthorized and/or elevated access (up to administrative level (defined) of access) to the Symantec Endpoint Protection Manager (SEPM) management console.
The final issue involves the Application and Device Control (ADC) installed on a Symantec Endpoint Protection client. Despite a previous security update this driver (defined) does not sufficiently validate external input. If an attacker were to exploit this, they could execute arbitrary code with the permissions/access of the logged on user. However, to exploit this, the attacker would first require the user to click on a malicious link or open a specifically crafted document. This link and/or document could be present on a website or received via email.
How Can I Protect Myself From These Issues?
Symantec issued a security advisory which contains details of the necessary updates to address these 3 critical issues which were responsibly disclosed (defined) to Symantec. Please note the download link for these updates requires the serial number of your Symantec product in order to proceed.
Moreover, Symantec provides further best practice advise to minimize the impact of these issues within their advisory and to mitigate the third issue discussed above during the time before you apply the necessary updates.
If you make use of the affected Symantec corporate anti-malware products within your organization, please install the relevant updates as soon as possible.