Not one but three zero-days vulnerabilities were discovered in the suite Symantec Endpoint Protection during the duration security audit at a financial services company that used the software.
The evaluation was carried out by a group of its experts Offensive Security, a company known to develop and support the Kali Linux Penetration Tool.
The researchers found that the software that was responsible for protecting the company was the cause of its violation.
One of the exploits allows a potential attacker to gain complete control over the server "protected" by the suite security. The researchers even published a video that proves their success. However, no further details have been given about the weaknesses for obvious reasons.
Hackers report that they have discovered many vulnerabilities in Symantec Endpoint Protection. Some of these are considered zero-day and reported in CERTs (computer emergency response teams).
By acquisition accesss on the resources of a server through the "security" application, an attacker could perform unauthorized actions as a system administrator which, as you understand, could lead to its complete destruction. The privileged user has the ability to delete files, view personal information, and install new software.
For those who do not know, Symantec Endpoint Protection is designed to secure servers and work systems in corporate environments.
Watch the video
Of course we await Symantec's response which, in addition to excuses, should contain the immediate release of a patch that will correct all the vulnerabilities revealed by Offensive Security.