Symantec Product Security has posted SYM14-004 - Product Security Advisory for Symantec Endpoint Protection Management Vulnerabilities
- A Security Advisory has been posted.
- This is a High Severity Advisory which identifies multiple vulnerabilities in the Symantec Endpoint Protection Manager.
A BCS Bulletin is being sent.
- While there are no known exploits taking advantage of this vulnerability, Symantec is urging all customers to update their managers to the latest version, Symantec Endpoint Protection Manager 12.1 RU4a, as soon as possible. Clients are not affected and do not need to be updated. As part of normal best practices, Symantec strongly recommends keeping all operating systems and applications updated with the latest vendor patches.
- For detailed information on this vulnerability including the products and builds affected and information on obtaining an updated build, please review the advisory at:
- As part of normal best practices, Symantec strongly recommends keeping all operating systems and applications updated with the latest vendor patches. For additional information on this and any other recent advisories, please visit the Symantec Advisory page at: http://www.symantec.com/security_response/securityupdates/list.jsp?fid=security_advisory
- Additionally Symantec has released IPS signature 27273 to detect and help mitigate this exploit. Symantec recommends enabling all functionality within Symantec Endpoint Protection for maximum security.
- If you are not able to update at this time, there are mitigations. Symantec’s recommended configuration for Symantec Endpoint Protection Manager is that it not be externally accessible which would limit potential exploits. You can configure your firewall to block external access to the vulnerable components. Please refer to TECH214866 for ramifications of blocking these ports.
For any open cases on this issue, please link to the document below:
Symantec Endpoint Protection Manager update versions 11.0 RU7-MP4a (11.0.7405.1424) and 12.1 RU4a (12.1.4023.4080) are available from Symantec File Connect.
The following picture, shows the section within Symantec File Connect.