Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Security Community Blog

SYM14-001 Security Advisories Relating to Symantec Products

January 9, 2014 - Symantec has posted SYM14-001 Security Advisories relating to Symantec Products - Symantec Endpoint Protection Privilege Assumption, Policy Bypass, Local Elevation of Privilege. This is medium severity vulnerability. Detailed information
Created: 10 Jan 2014 • Updated: 12 Feb 2014
SebastianZ's picture
0 0 Votes
Login to vote

January 9, 2014 - Symantec has posted SYM14-001 Security Advisories relating to Symantec Products - Symantec Endpoint Protection Privilege Assumption, Policy Bypass, Local Elevation of Privilege. This is medium severity vulnerability. Detailed information about the vulnerabilities and what SEP builds are affected can be found at:

http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140109_00

The vulnerabilities have been already resolved in latest releases of Symantec Endpoint Protection. Additionally as part of standard best practices it is advised to update to the latest version possible, keep all operating systems with latest version of service packs and updates, restrict remote access where possible, adhere to the principle of least privilege as well as use multi-layer protection in the environment utilising variety of security features offered by Symantec products.

All three vulnerabilities reported in Security Advisory SYMC14-01 are candidates for CVE list inclusion as per following IDs:

CVE-2013-5009

SEPM Insufficient User Validation Privilege Assumption

CVE-2013-5010

SEP Client ADC Security Policy Bypass Unauthorized File Access

CVE-2013-5011

SEP Client Unquoted Search Path Local Elevation of Privilege