
Need advice on Heart Bleed Vulnerability

Created: 10 Apr 2014 • Updated: 21 Apr 2014 | 10 comments
This issue has been solved. See solution.

Hi All,

We are using SEP 12.1 RU3. As per the Qualys scan report, we were found vulnerable on a few servers. But there is no activity detected in the SEPM reports or risk logs.

We need to block the vulnerability. Please advise.


.Brian's picture

Are the SEPMs exposed externally? If not, risk is low.

See here which talks about adding workarounds:

Is Symantec Endpoint Protection affected by the Heartbleed OpenSSL vulnerability (CVE-2014-0160)

Article:TECH216558  |  Created: 2014-04-09  |  Updated: 2014-04-10  |  Article URL http://www.symantec.com/docs/TECH216558

Also, this thread has a lot of good info:

https://www-secure.symantec.com/connect/forums/ope...

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

SOLUTION
Mick2009's picture

Also see this page:

Heartbleed Vulnerability
http://www.symantec.com/outbreak/?id=heartbleed

With thanks and best regards,

Mick

SOLUTION
Mick2009's picture

Also: if the SEP client defending the SEPM has its IPS component in place, this IPS signature will offer protection:

Attack: OpenSSL Heartbleed CVE-2014-0160 3

http://www.symantec.com/security_response/attacksignatures/detail.jsp?asid=27517

This signature was added in Security Update: 772 [Extended version: April 10, 2014 Rev: 012]

IPS is a crucial part of today's defenses.

Two Reasons why IPS is a "Must Have" for your Network

https://www-secure.symantec.com/connect/articles/two-reasons-why-ips-must-have-your-network

Hope this helps!

Mick

With thanks and best regards,

Mick

SOLUTION
Chetan Savade's picture

Hello Everyone,

SEPM 12.1 RU2 to SEPM 12.1 RU4 MP1 (inclusive) are vulnerable. They utilize OpenSSL 1.0.1.

Customers using an affected version should block general access to port 8445 on their SEPM to mitigate this vulnerability until a product update is available. 

Subscribe to this article to be notified of any changes to this article.

Is Symantec Endpoint Protection affected by the Heartbleed OpenSSL vulnerability (CVE-2014-0160)

http://www.symantec.com/docs/TECH216558

Chetan Savade
Sr.Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.

SOLUTION
Mithun Sanghavi's picture

Hello,

Be advised about another type of attack exploiting the Heartbleed Vulnerability - Reverse Heartbleed - Security Response has posted brief blogs about this already:

Heartbleed Poses Risk to Clients and the Internet of Things

https://www-secure.symantec.com/connect/blogs/hear...

Heartbleed – Reports from the Field

Heartbleed Bug Poses Serious Threat to Unpatched Servers

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

SOLUTION
.Brian's picture

Happy to help. Please don't forget to close out the thread by clicking the Mark as Solution link for the most helpful post. You can also mark multiple posts as the solution by clicking the Request split solution link.

Thanks and take care

Brian


James007's picture

Symantec Endpoint Protection 12.1.4.1a is now available

Article:AL1555 | Created: 2014-04-17 | Updated: 2014-04-17 | Article URL http://www.symantec.com/docs/AL1555

Symantec Endpoint Protection 12.1 Release Update 4 Maintenance Patch 1A (12.1 RU4 MP1a) English has been posted to FlexNet!

https://www-secure.symantec.com/connect/blogs/symantec-endpoint-protection-121-release-update-4-maintenance-patch-1a-121-ru4-mp1a-english-ha

SameerU's picture

Hi,

Symantec Endpoint Protection 12.1 Release Update 4 Maintenance Patch 1a (12.1.4104.4130 - 12.1 RU4 MP1a) English has been released and is now available for customers to download on FlexNet. This new SEPM release addresses the OpenSSL “Heart Bleed” vulnerability. Additional language versions will become available throughout the week.

An additional note: the Tech article has been updated with directions to download the maintenance patch:
http://www.symantec.com/business/support/index?pag...

Please continue to check the product matrix and each product Tech note for up-to-date information on other products.
http://www.symantec.com/outbreak/?id=heartbleed

Regards

Mick2009's picture

Followers of this thread may be interested in attending Symantec's webcast on Tuesday the 29th. The following blog post has all the details and a link to the registration page:

The Heartbleed Bug: How to Protect Your Business
https://www-secure.symantec.com/connect/blogs/heartbleed-bug-how-protect-your-business

With thanks and best regards,

Mick
