Softwares Headline

Symantec endpoint zero-day unpatched for months

Written by admin

A vulnerability in Symantec endpoint clients remains unpatched months after disclosure, according to security researchers.

The zero-day bug affects a kernel driver in each of two Symantec products: Symantec Encryption Desktop suite version 10.4.1 MP2HF1 (Build 777) and earlier (module PGPwded.sys), and Symantec Endpoint Encryption version v11.1.3 MP1 (Build 810) and earlier (module eedDiskEncryptionDriver.sys).

The vulnerability allows an attacker to gain arbitrary read and write access to the hard disk at sector level and, as a result, to infect the target and establish low-level persistence (MBR/VBR). It also allows the attacker to execute code in the context of the built-in SYSTEM user account, without requiring a reboot.

Symantec was informed of the bug back in mid-July 2017, according to the researchers, but the bug has not been patched to date. “These vulnerabilities remain unpatched at the point of publication. We have been working with Symantec to try and help them to fix this since our initial private disclosure in July 2017 (full timeline at the end of this article), however no patch has yet been released. We will continue to work with Symantec to help them to produce an effective patch. CVE numbers to follow,” said the researchers in a blog post on Nettitude.

One of the researchers involved, Twitter user @kyREcon, whom Nettitude credited with the discovery, pointed out that Symantec had been responsive to other, less critical bugs reported by the team: “Tbh, they fixed on time several other things that we reported, but they were not as critical as this. Still don’t know what went wrong on prioritizing…”

Here’s a video that demonstrates the exploit and its effects:

This article originally appeared at scmagazineuk.com