Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

New Vulnerability in SEPM: SYM13-005, Fixed by Upgrading to 12.1 RU3

Created: 19 Jun 2013 | 2 comments
Mick2009's picture

Just raising awareness for all SEP Admins: Symantec has posted a new Security Advisory that affects all SEP 12.1 SEPMs earlier than the RU3 release. 

"SEPM Secar.dll Buffer Overflow"   A DLL in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1.x server does not properly validate all external input.  This could potentially result in a buffer overflow and remote code execution with application privileges on the server that is hosting the management console.

Please see this advisory for full details:

Security Advisories Relating to Symantec Products - Symantec Endpoint Protection Manager 12.1.x Buffer Overflow
SYM13-005

 

NOTE: Symantec is not aware of any customers affected by this issue or any malicious attempts to exploit this issue. Also, there are IPS signatures in place which will block malicious traffic that attempts to explot this.  Please ensure that the SEP client protecting your SEPM has the IPS component enabled and definitions up-to-date! 

Keep in mind that upgrading will provide protection against any possible future exploit attempt, and also provide the benefit of many other fixes, enhancements and improvement.  See Latest Symantec Endpoint Protection Released - SEP 12.1.RU3 for details.

Many thanks!

Mick

Comments 2 CommentsJump to latest comment

Mithun Sanghavi's picture

Hello,

Thank you Mick for updating us all.

It is indeed important keep consistency in the SEP environment and to Migrate to the Latest version of Symantec Endpoint Protection 12.1 RU3.

 

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.