Symantec Endpoint Protection vulnerabilities enable privilege escalation

The vulnerabilities can be exploited to escalate privileges, perhaps resulting in a complete Windows domain takeover.

It seems even security software needs security these days – on Tuesday, researchers with Offensive Security announced that they discovered vulnerabilities in Symantec Endpoint Protection (SEP) that can enable escalation of privileges.

A Symantec spokesperson told SCMagazine.com on Wednesday that the company is aware of the reported SEP vulnerabilities and is currently investigating the matter.

The vulnerability demonstrated in a video posted on Tuesday exists in SEP software drivers, Mati Aharoni, CEO of Offensive Security, told SCMagazine.com in a Wednesday email, explaining that a default installation of SEP exposes some of the drivers to unsafe inputs that can be exploited.

“An attacker exploiting these vulnerabilities would require the ability to run commands on the targeted system,” Aharoni said. “A malicious local individual would be able to elevate their privileges from a regular or non-privileged user to complete NT AUTHORITY\SYSTEM access on each machine with SEP installed.” 

That means a regular user in the domain could use the vulnerability to gain administrative control of the computer they are working on, or an attacker who has compromised a system in the context of a normal user could escalate to administrative access, Aharoni said.

“Gaining this level of access is often the first step needed for a deeper compromise within an organization,” Aharoni said. “From a penetration testing standpoint, a vulnerability like this most often results in a cascading effect [that] can quickly result in a complete Windows domain takeover.”

Offensive Security will be publishing the code for the privilege escalation exploit in the coming days, which Aharoni said makes carrying out the attack fairly simple. He added that writing the working code was complex, and it will be further reviewed during an Advanced Windows Exploitation course at the upcoming Black Hat 2014 conference. 
