Run under the principle of least privilege, where possible, to limit the impact of potential exploit. Restrict remote access to trusted/authorized systems only. Restrict access to administrative or management systems to authorized privileged users. Symantec recommends the following measures to reduce risk of attack: At this time, there is no evidence of any attempts at these exploits in the wild. Symantec has also created additional detections and protections which are in place and is continuing to monitor any attempts of this exploit against our products. The following product updates have been made available to customers to remediate these issues: Symantec Endpoint Protection (Windows Endpoint), prior to 14.3, may not respect file permissions when writing to log files that are replaced by symbolic links, which can lead to a potential elevation of privilege. Symantec Endpoint Protection (Windows Endpoint), prior to 14.3, can potentially reset the ACLs on a file as a limited user while Symantec Endpoint Protection's Tamper Protection feature is disabled. Symantec Endpoint Protection Manager, prior to 14.3, has a race condition in client remote deployment which may result in an elevation of privilege on the remote machine. Symantec Endpoint Protection Manager, prior to 14.3, may be susceptible to a directory traversal attack that could allow a remote actor to determine the size of files in the directory. Symantec Endpoint Protection Manager, prior to 14.3, may be susceptible to an out of bounds vulnerability, which is a type of issue that results in an existing application reading memory outside of the bounds of the memory that had been allocated to the program. 
Symantec Endpoint Protection Manager (SEPM) Symantec, A Division of Broadcom has released updates to address issues that were discovered in the Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Manager (SEPM) products.
0 kommentar(er)
