Endpoint Protection

Just raising awareness of another good reason to upgrade to SEP 12.1 RU6 MP3.  Three vulnerabilities which affect MP2 and earlier have been announced.  For details, please see:

Security Advisories Relating to Symantec Products - Symantec Endpoint Protection Elevation of Privilege Issues
SYM15-011
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20151109_00

CVE	BID	Description
CVE-2015-6554	BID 77494	SEPM Improper Handling of Untrusted Data
CVE-2015-6555	BID 77495	SEPM Java Code Execution Elevation of Privilege
CVE-2015-1492	BID 76083	SEP Client Binary Planting

RU6 MP3 closes any danger of exploit and also includes many other fixes and improvements:

Symantec™ Endpoint Protection 12.1.6 MP3 Release Notes
http://www.symantec.com/docs/DOC9122
 

Please do upgrade to take advantage of these improvements and to remain secure!  While upgrading, also be sure that all SEP components are installed and enabled. AV alone is not comprehensive protection against today's threats.

Add or remove features to existing Endpoint Protection clients

Article URL: http://www.symantec.com/docs/TECH90936

Thanks Mick,

The real question, why is this not specifically addressed in the release notes/list of fixes? Huge oversight.

We saw the release notes back on the 4th and found we could easily delay this release to near the holidays for our SEPM. Now it appears we'll be doing expedited upgrades.

Exactly because the whole reason I didnt update to MP3 was because it just listed features that I did not need. nothing about vulnerabilities.

When I was looking at file connect it said "EXISTING customers looking for the security update for the management console can use the "Update" link for both versions 11.x and 12.1." but I dont see a "update" link anywhere. so does this mean I need to do a clean install of MP3 to my mangager? and will I need to update all of my clients also?

The install documentation terminology is poor.
The download file works as both an upgrade to existing version (some not direct) or as a clean install. So, if you were on 12.1 RU4/5/6, you can upgrade to RU6 MP3, without a clean install.

For this vulnerability, yes, both the manager and your clients need updated for complete remediation (separate vulnerabilities).

Thanks for clarifying that.

Thanks for sharing it, Mick!

Hello all,

Thank you for the suggestion.  The article:

New fixes and component versions in Symantec Endpoint Protection 12.1.6 MP3
Article URL: http://www.symantec.com/docs/INFO3057

Now includes the clarification:

This document lists the new fixes and component versions in Symantec Endpoint Protection (SEP) 12.1 Release Update 6 Maintenance Pack 3 (12.1.6 MP3). This information supplements the information found in the Release Notes.

In addition to the following fixes, this release addresses Symantec Endpoint Protection Elevation of Privilege Issues (SYM15-011).

Hi,

This is the1st time after any release of SEP revison update or maintenace patch vulnerabilty issue (SEP 12.1 RU6 MP3 was relased on 04th November 2015 and vulnerability issue was on 09th November) has been highlighted.

Two separate KB's was released and after that both were merged

https://support.symantec.com/en_US/article.INFO3057.html