After being alerted about some privilege escalation vulnerabilities in its Endpoint Protection product on July 29, Symantec immediately released an advisory with mitigation solutions, and now it has made available a patch for administrators.



Administrators need to access the FileConnect service and download the Symantec Endpoint Protection 12.1 Release Update 4 Maintenance Patch 1b (RU4 MP1b), which updates the product to version 12.1.4112.4156. The client update can also be applied to version 11.0 of the product.

Offensive Security, the organization that alerted Symantec to the flaws, developed an exploit to demonstrate successful unauthorized escalation of privileges in the software. With the release of the patch, it also published the exploit code, which is available here.

As soon as it learned of the security glitches, Symantec gave customers a workaround to use until a proper patch became available.

The workaround consisted of disabling or uninstalling the Application and Device Control (ADC) driver from the affected versions of the product.

The vulnerability (ADC buffer overflow) reported by Offensive Security allows an attacker to gain administrator privileges on the affected machine, which could lead to full compromise of the computer.

However, Symantec labeled it as posing medium risk because the attack cannot be carried out from a remote location.