
Hundreds of thousands of Symantec users open to remote attacks


June 29, 2016

There's a good chance that hundreds of thousands of enterprise and home users of Symantec products are open to remote compromise through multiple wormable remote code execution holes, now patched where possible, which Google described as "as bad as it gets".

The security issues are 100 percent reliable against Symantec's Norton Antivirus and Endpoint, according to renowned hacker Tavis Ormandy of Google's Project Zero initiative.

"These vulnerabilities are as bad as it gets," Ormandy warned. "They don't require any user interaction, yet they affect the default configuration, and the software runs at the highest privilege levels possible."

The flaws could easily be turned into a worm that spreads rapidly between Symantec users via email or web links.

Worse: potential victims would not even need to open the malicious files to be compromised.

"An attacker could easily compromise an entire enterprise fleet using a security vulnerability like this," Ormandy warns.

"Overall, network administrators should keep scenarios like this in mind when deciding to deploy anti-virus software because it’s a significant tradeoff in terms of increasing attack surface."

Affected products include Norton Security, Norton 360, Endpoint Protection, Email Security, the Protection Engine, and a few others.

It's important to note that some of those platforms cannot even be upgraded. The many users of illegal and pirated copies of Symantec's products would also likely be affected, since many cracked applications block update mechanisms, further compounding the issue.

The security problems lie in part with Symantec's unpacking engines, which run in the kernel. The company also built its decomposer on code derived from open source libraries such as libmspack and unrarsrc that had not been updated for some seven years or more.

Symantec is the latest to fall to Ormandy's security testing of antivirus products, but has fallen hardest. Comodo, ESET, Kaspersky, and FireEye are also among those tested, and they too had some flaws, but none as bad as Symantec's.

Symantec has posted a security notice confirming the flaws. It says it has added "additional checks" to its secure development lifecycle in an effort to better detect similar security flaws in the future, adding that it has not seen in-the-wild attacks.

It added that users should:

  • Restrict access to administrative or management systems to authorized privileged users only.

  • Restrict remote access, if required, to trusted / authorized systems only.

  • Run under the principle of least privilege where possible to limit the impact of potential exploit.

  • Keep all operating systems and applications current with the latest vendor patches.

  • Follow a multi-layered approach to security. At a minimum, run both firewall and anti-malware applications to provide multiple points of detection and protection to both inbound and outbound threats.

  • Deploy network and host-based intrusion detection systems to monitor network traffic for signs of anomalous or suspicious activity. This may aid in the detection of attacks or malicious activity related to the exploitation of latent security vulnerabilities.

  • As is always the case, it's "User Beware". The onus always rests on the final user of the software. If something doesn't look right, maybe it isn't, and it should be rapidly and carefully investigated by the user.

Additionally, you should *never* open email attachments from people or organizations you don't know or don't trust. About 70 percent of malware today is propagated through email attachments opened by unsuspecting users.

Source: Google Project Zero Initiative.

Copyright © Internet Security.ca