Endpoint Protection

Is there any additional available about CVE-2012-4953? There is only the US-CERT announcment at http://www.kb.cert.org/vuls/id/985625. I can't find any information here on Symantec's site. I'm looking to understand the vector and remediation options better. The current statement that there will be no fix for a critical vuln in the still supported (but EOL) SEP 11 is a serious concern.

David

I cannot find anything either.

Your best bet would be to call support to see what they have. Or perhaps if you can works with your SE on it, they may be able to get you something.

Contact the Support..

Phone numbers to contact Tech Support:-

Regional Support Telephone Numbers:
United States: https://support.broadcom.com (407-357-7600 from outside the United States)
Australia: 1300 365510 (+61 2 8220 7111 from outside Australia)
United Kingdom: +44 (0) 870 606 6000

India: Toll-Free 000 800 4401 456 directly

IDD call: +61 2 8220 7111

Additional contact numbers: http://www.symantec.com/business/support/contact_techsupp_static.jsp

Customer Care Contact Numbers for Licensing Issues:-

http://www.symantec.com/support/assistance_care.jsp

How to create a new case in MySupport

http://www.symantec.com/business/support/index?page=content&id=TECH58873

Scott,

Will there be a KB addressing this vulnerability?!

The official Symantec Security Advisory for the SEP Decomposer CAB File Issue (CERT VU#985625) has been posted.

The Security Advisory for CERT VU#985625 provides an overview, as well as technical details on this issue. The advisory also includes steps for mitigation.

The link can be found here: http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20121107_00

Thank you for your patience.

Scott Sawoya

SEP Product Management Team

The official Symantec Security Advisory for the SEP Decomposer CAB File Issue (CERT VU#985625) has been updated and is now live at the link below.

http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20121107_00

Highlights of the changes in this update:

• Clarification details on scripting the “Disable CAB file scanning” mitigation option
• Additional mitigation option of “Disabling archive file scanning” via Antivirus policy from the SEP Manager with instructions
• Addition of links to important KB articles

Thank you.

Scott Sawoya

SEP Product Management Team

We have released a Fix Tool for this issue that automates replacement of the decomposer engine for Symantec Endpoint Protection 11 RU5 to RU7 MP3.

The tool will update each RU5 to RU7 MP3 client to Decomposer version 1.2.8 and will need to be run on each client system. The SYM12-017 Symantec Legacy Decomposer CAB File Issues KB article has been updated with detailed instructions on the use of this tool. The tool can also be downloaded directly from the KB article, here: http://www.symantec.com/business/support/index?page=content&id=TECH199470

Thank you for your continued patience on this issue.

Scott Sawoya

SEP Product Management

Just adding new information that may be of interest:

About the LiveUpdate patch for Symantec Advisory SYM-12-017
Article:TECH200168   |  Created: 2012-11-27   |  Updated: 2012-11-28   | 
Article URL http://www.symantec.com/docs/TECH200168