New Vulnerability in SEPM: SYM13-005, Fixed by Upgrading to 12.1 RU3
Just raising awareness for all SEP Admins: Symantec has posted a new Security Advisory that affects all SEP 12.1 SEPMs earlier than the RU3 release.
"SEPM Secar.dll Buffer Overflow" A DLL in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1.x server does not properly validate all external input. This could potentially result in a buffer overflow and remote code execution with application privileges on the server that is hosting the management console.
Please see this advisory for full details:
NOTE: Symantec is not aware of any customers affected by this issue or any malicious attempts to exploit this issue. Also, there are IPS signatures in place which will block malicious traffic that attempts to explot this. Please ensure that the SEP client protecting your SEPM has the IPS component enabled and definitions up-to-date!
Keep in mind that upgrading will provide protection against any possible future exploit attempt, and also provide the benefit of many other fixes, enhancements and improvement. See Latest Symantec Endpoint Protection Released - SEP 12.1.RU3 for details.