Not one but three zero-day vulnerabilities were discovered in the suite Symantec Endpoint Protection during control better safetys to a financial services company that used the software.
The assessment was carried out by a team its experts Offensive Security, a company known for developing and supporting the penetration tool Kali linux.
The researchers found that the software that was responsible for protecting the company was the cause of its violation.
One of the exploits allows a potential attacker to gain complete control over the server that is "protected" by the security suite. The researchers even published a video proving their success. However, no further details of the weaknesses have been provided for obvious reasons.
Hackers report that they have discovered many vulnerabilities in Symantec Endpoint Protection. Some of these are considered zero-day and reported in CERTs (computer emergency response teams).
By gaining access to a server's resources through the "security" application, an attacker could perform unauthorized actions as a system administrator which as you understand could lead to its complete destruction. The privileged user is able to delete files, view personal information, and install new software.
For those who don't know, Symantec Endpoint Protection is designed to secure servers and work systems in corporate environments.
Watch this video
Of course, we expect Symantec's response that besides excuses should include the immediate release of a patch that will correct all the vulnerabilities detected by Offensive Security.