«
»

Google Finds Flaws In Symantec AV Software That Have Existed For YEARS

Millions of people and companies that use Symantec’s anti-virus software were likely living with serious vulnerabilities for years according to Google’s Project Zero. That means they were at risk for being pwned by hackers. Here’s the details:

These vulnerabilities are as bad as it gets. They don’t require any user interaction, they affect the default configuration, and the software runs at the highest privilege levels possible. In certain cases on Windows, vulnerable code is even loaded into the kernel, resulting in remote kernel memory corruption.
As Symantec use the same core engine across their entire product line, all Symantec and Norton branded antivirus products are affected by these vulnerabilities, including:
  • Norton Security, Norton 360, and other legacy Norton products (All Platforms)
  • Symantec Endpoint Protection (All Versions, All Platforms)
  • Symantec Email Security (All Platforms)
  • Symantec Protection Engine (All Platforms)
  • Symantec Protection for SharePoint Servers
  • And so on.
Some of these products cannot be automatically updated, and administrators must take immediate action to protect their networks. Symantec has published advisories for customers, available here.
If you have a Symantec anti-virus product, you need to update yourself right now because it’s a safe bet that the forces of evil will take advantage of these flaws now that they’re public. it also shows that just because you have anti-virus software installed on your computer, it doesn’t mean that you’re safe.

This entry was posted on July 1, 2016 at 10:03 am and is filed under Commentary with tags , . You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Leave a Reply

Discover more from The IT Nerd

Subscribe now to keep reading and get access to the full archive.

Continue reading