Critical flaw patched in Symantec console
A security update patches a critical flaw in the management console for Symantec Endpoint Protection Manager.
According to security advisory SYM15-011 from Symantec, the management console for Symantec Endpoint Protection Manager (SEPM) is susceptible to OS command execution and Java code execution elevation of privilege.
The advisory stated that users of the software are susceptible to a "binary planting vulnerability that could result in arbitrary code running with system privileges on a client due to only partially addressing this issue in previous releases."
Thus, an attacker could still exploit an earlier version of the client install package to deploy their crafted client package on an existing client system. This could possibly result in elevated privileges on that client system, the advisory explained.The flaw is addressed with SEP 12.1-RU6-MP3. While the company stated it is not aware of "exploitation of or adverse customer impact" from the flaw, customers are advised to update as soon as possible.