Not one but three zero-day vulnerabilities were discovered in the suite Symantec Endpoint Protection during a security audit to a financial services company that used the software.
The evaluation was carried out by a group of its experts Offensive Security, a company known to develop and support the Kali Linux Penetration Tool.
The researchers found that the software that was responsible for protecting the company was the cause of its violation.
One of the exploits allows a potential attacker to gain complete control over the server that is "protected" by the security suite. The researchers even published a video proving their success. However, no further details of the weaknesses have been provided for obvious reasons.
Hackers report that they have discovered several vulnerabilities in the Symantec Endpoint Protection application. Some of these are considered zero-days and have been reported to CERTs (emergency response teams information technologyor computer emergency response teams).
By acquisition access στους πόρους ενός server μέσω της εφαρμογής “ασφαλείας”, ένας εισβολέας θα μπορούσε να εκτελέσει μη εξουσιοδοτημένες ενέργειες σαν διαχειριστής του συστήματος κάτι που όπως καταλαβαίνετε θα μπορούσε να οδηγήσει στην πλήρη καταστροφή του. Ο προνομιακός χρήστης έχει τη δυνατότητα να διαγράψει αρχεία, να δει προσωπικές information, and install new software.
For those who do not know, Symantec Endpoint Protection is designed to secure servers and work systems in corporate environments.
Watch the video
Of course we await Symantec's response which, in addition to excuses, should contain the immediate release of a patch that will correct all the vulnerabilities revealed by Offensive Security.
