Symantec Endpoint Protection vulnerabilities enable privilege escalation

The vulnerabilities can be exploited by a local, unprivileged user to escalate privileges, potentially resulting in a complete Windows domain takeover.

It seems even security software needs security these days – on Tuesday, researchers with Offensive Security announced that they discovered vulnerabilities in Symantec Endpoint Protection (SEP) that enable local privilege escalation.

A Symantec spokesperson told SCMagazine.com on Wednesday that the company is aware of the reported SEP vulnerabilities and is currently investigating the matter.

The vulnerability demonstrated in a video posted on Tuesday exists in SEP's drivers, Mati Aharoni, CEO of Offensive Security, told SCMagazine.com in a Wednesday email, explaining that a default installation of SEP exposes some of those drivers to untrusted input that can be exploited.

“An attacker exploiting these vulnerabilities would require the ability to run commands on the targeted system,” Aharoni said. “A malicious local individual would be able to elevate their privileges from a regular or non-privileged user to complete NT AUTHORITY\SYSTEM access on each machine with SEP installed.” 

That means a regular domain user could use the vulnerability to gain administrative control of the computer they are working on, or an attacker who has already compromised a system in the context of a normal user could escalate to administrative access, Aharoni said.

“Gaining this level of access is often the first step needed for a deeper compromise within an organization,” Aharoni said. “From a penetration testing standpoint, a vulnerability like this most often results in a cascading effect [that] can quickly result in a complete Windows domain takeover.”

Offensive Security will publish the privilege escalation exploit code in the coming days; Aharoni said the exploit makes carrying out the attack fairly simple, although writing working code was complex. The exploit will be further reviewed during the Advanced Windows Exploitation course at the upcoming Black Hat 2014 conference.
