No patch yet for zero day in Symantec Endpoint Protection software driver

Symantec has published recommendations for mitigating the danger

A zero-day flaw in a software driver in Symantec's widely used Endpoint Protection product may be tricky to fix.

The flaw is contained in the Application and Device Control driver, which is in Endpoint Protection versions 11.x and 12.x, the security company wrote in an advisory on Wednesday.

The vulnerability in Endpoint Protection was found by training and penetration testing company Offensive Security, one of three it uncovered in the product during a recent penetration test of a financial services firm.

All are privilege escalation vulnerabilities, which would allow a user with restricted access to gain higher access on a computer, which could be parlayed into broader network access.

So far, no known compromises have been reported, Symantec said, writing that the medium severity flaw is being handled "with the utmost urgency and care."

Software drivers are not easy to upgrade. It wasn't clear if users will have to reinstall Endpoint Protection with an upgraded driver or if Symantec can issue a patch.

The disclosure comes as a researcher from Singapore security firm COSEINC warned antivirus programs frequently have security flaws, making the applications prime targets for attack due to their deep integration with a computer's operating system.

Mati Aharoni, lead trainer and developer for Offensive Security, said the company plans to preview proof-of-concept code for the Endpoint Protection flaw during its Advanced Windows Exploitation training class at the Black Hat security conference in Las Vegas next month. Offensive Security published a video earlier this week demonstrating what it said was a successful attack.

Administrators have a few options to mitigate the risk in the meantime. Symantec published instructions for disabling the Application and Device Control driver in Endpoint Protection version 12.1. For those on versions 11.x, the Application and Device control policy can be disabled.

Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection

Tags symantecsecurityOffensive SecurityExploits / vulnerabilities

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Jeremy Kirk

IDG News Service
Show Comments

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Kurt Hegetschweiler

Brother PocketJet PJ-773 A4 Portable Thermal Printer

It’s perfect for mobile workers. Just take it out — it’s small enough to sit anywhere — turn it on, load a sheet of paper, and start printing.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?