Video Screencast Help
Security Community Blog

SYM14-001 Security Advisories Relating to Symantec Products

Created: 10 Jan 2014 • Updated: 12 Feb 2014
SebastianZ's picture
0 0 Votes
Login to vote

January 9, 2014 - Symantec has posted SYM14-001 Security Advisories relating to Symantec Products - Symantec Endpoint Protection Privilege Assumption, Policy Bypass, Local Elevation of Privilege. This is medium severity vulnerability. Detailed information about the vulnerabilities and what SEP builds are affected can be found at:

http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140109_00

 

The vulnerabilities have been already resolved in latest releases of Symantec Endpoint Protection. Additionally as part of standard best practices it is advised to update to the latest version possible, keep all operating systems with latest version of service packs and updates, restrict remote access where possible, adhere to the principle of least privilege as well as use multi-layer protection in the environment utilising variety of security features offered by Symantec products.

All three vulnerabilities reported in Security Advisory SYMC14-01 are candidates for CVE list inclusion as per following IDs:

 

CVE-2013-5009

SEPM Insufficient User Validation Privilege Assumption

CVE-2013-5010

SEP Client ADC Security Policy Bypass Unauthorized File Access

CVE-2013-5011

SEP Client Unquoted Search Path Local Elevation of Privilege