Not one but three zero-day vulnerabilities were discovered in the suite Symantec Endpoint Protection during a security check in a company financial services used by the software.
The assessment was carried out by a team its experts Offensive Security, a company known to develop and support the Kali Linux Penetration Tool.
The researchers found that the software that was responsible for protecting the company was the cause of its violation.
One of the exploits allows a potential attacker to gain complete control over the server that is "protected" by the security suite. The researchers even published a video proving their success. However, no further details of the weaknesses have been provided for obvious reasons.
Hackers report that they have discovered many vulnerabilities in Symantec Endpoint Protection. Some of these are considered zero-day and reported in CERTs (computer emergency response teams).
By gaining access to a server's resources through the "security" application, an attacker could perform unauthorized actions as a system administrator which as you understand could lead to its complete destruction. The privileged user is able to delete files, view personal information, and install new software.
For those who do not know, Symantec Endpoint Protection is designed to secure servers and work systems in corporate environments.
Watch this video
Of course, we expect Symantec's response that besides excuses should include the immediate release of a patch that will correct all the vulnerabilities detected by Offensive Security.