Not one but three zero-day vulnerabilities were discovered in the suite Symantec Endpoint Protection during a security audit to a financial services company that used the software.
The evaluation was carried out by a group of its experts Offensive Security, a company known for developing and support of the penetration tool Kali Linux.
The researchers ανακάλυψαν ότι το λογισμικό που είχε αναλάβει την προστασία της εταιρείας ήταν η αιτία για την παραβίαση της.
One of the exploits allows a potential attacker to gain complete control over the server that is "protected" by the security suite. The researchers even published a video proving their success. However, no further details of the weaknesses have been provided for obvious reasons.
Hackers report that they have discovered many vulnerabilities in Symantec Endpoint Protection. Some of these are considered zero-day and reported in CERTs (computer emergency response teams).
By gaining access to a server's resources through the "security" application, an attacker could perform unauthorized actions as a system administrator which as you understand could lead to its complete destruction. The privileged user is able to delete files, view personal information, and install new software.
For those who do not know, Symantec Endpoint Protection is designed to secure servers and work systems in corporate environments.
Watch this video
Of course, we expect Symantec's response that besides excuses should include the immediate release of a patch that will correct all the vulnerabilities detected by Offensive Security.
