Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

LiveUpdate Administrator 2.3 Vulnerability - Please Upgrade!

Created: 15 Jun 2012 | 11 comments
Mick2009's picture

All users of LiveUpdate Administrator 2.x (LUA 2.x) are strongly encouraged to ensure they are on the latest available release, LUA 2.3.1, in order to avoid a newly discovered vulnerability in earlier versions.

Full details:

Security Advisories Relating to Symantec Products - Symantec LiveUpdate Administrator 2.3 Insecure File Permissions SYM12-009

The optional LUA tool is free to all customers with a valid contract.  To upgrade, just contact Technical Support and they will provide download details.

Comments 11 CommentsJump to latest comment

P_K_'s picture

Thanks alot for Sharing the information Mick

MCT MCSE-2012 Symantec Technical Specialist (SCTS)

Mick2009's picture

Here's the official KB on how to obtain the latest release of LUA, by the way.....

How to obtain the latest version of Symantec LiveUpdate Administrator (LUA) 2.x
Article: TECH134809   |  Created: 2010-01-09   |  Updated: 2012-05-31   | 
Article URL http://www.symantec.com/docs/TECH134809 
 

With thanks and best regards,

Mick

dbamberg's picture

Please excuse any ignorance, but we still have an older SAV 10.x environement and in it we use the LiveUpdate Administration Utlity (LUAU).  Is this the same product as the vulnerable version, or is there a difference between the LiveUpdate Administrator (LUA) and the LiveUpdate Administration Utlity (LUAU)?

Mick2009's picture

Rest easy - LUAU 1.x has completely different technology under the hood.  It is not affected by this vulnerability. 

On a related note, I do encourage all admins with SAV 10 clients in their network to upgrade to SEP as soon as possible.  On 4 July 2012, SAV 10.1 will reach its end. 

With thanks and best regards,

Mick

dbamberg's picture

Thank you!  And as for 10.1, we're almost done migrating off, less than 10% of our devices left.  Thanks for the heads up on the EOL though!

Dushan Gomez's picture

So is this the latest version ?

where is the upgrade instruction step by steps please ?

Dushan Gomez
IT Manager
VCP 4 and 5 | MCITP Exchange Server | MCTS SharePoint Server | MCP Windows XP

Mick2009's picture

Hi Dushan,

LUA 2.3.1 is currently the most up-to-date release.  Subscribe to either of the following articles to be notified when a new version comes out:

LiveUpdate Administrator 2.3.x: Release Notes
Article: TECH155523   |  Created: 2011-03-14   |  Updated: 2011-12-12   | 
Article URL http://www.symantec.com/docs/TECH155523

How to obtain the latest version of Symantec LiveUpdate Administrator (LUA) 2.x
Article: TECH134809   |  Created: 2010-01-09   |  Updated: 2012-06-19   | 
Article URL http://www.symantec.com/docs/TECH134809 
 

LUA 2.3.1 will install right over the older LUA 2.3.0 or LUA 2.2.2.9.

With thanks and best regards,

Mick

Dushan Gomez's picture

Many thanks Mick for the reply, I'll perform inline upgrade with my current production LUA now.

Is there any caveats or backup before I'm doing the upgrade ?

Dushan Gomez
IT Manager
VCP 4 and 5 | MCITP Exchange Server | MCTS SharePoint Server | MCP Windows XP

Mick2009's picture

How to backup and restore LiveUpdate Administrator (LUA) configuration in LUA 2.3
Article: TECH159239   |  Created: 2011-05-02   |  Updated: 2012-01-19   | 
Article URL http://www.symantec.com/docs/TECH159239 
 

With thanks and best regards,

Mick

Stanimir Kalnev's picture

"Contact Symantec Technical Support to obtain the latest version of LUA 2.x. LUA will be provided free of charge to all customers with valid support contracts, except where prohibited by law or international treaty restrictions."

Excuse me for stupid question, but how may I Contact Symantec Technical Suppor ?

Dushan Gomez's picture

Here's the link from the Symantec Tech Support:

https://www-secure.symantec.com/norton-support/jsp...

Dushan Gomez
IT Manager
VCP 4 and 5 | MCITP Exchange Server | MCTS SharePoint Server | MCP Windows XP