Symantec Endpoint Protection, developed by the US-based Symantec Corporation, was shipped without removing several critical security vulnerabilities. The vulnerabilities were discovered in a routine ’99er’ security crash test by experts of the SEC Consult Vulnerability Lab. The unremoved vulnerabilities enable state-sponsored or criminal hackers to take full control of the ‘Symantec Endpoint Protection Manager’ server. With the full control of the server the attackers could obliterate the endpoint protection.
Two Takes
View TECHi Stance
Attackers are scanning ther internet for systems vulnerable to a flaw in SEMP
Zdnet
View all Zdnet Two Takes by TECHi
Read the original story
Published February 19, 2014
TECHi's Take
The Internet Storm Center (ISC) at the SANS Institute is reporting a burst of scanning on ports used by Symantec Endpoint Protection Manager (SEPM) versions 11.0 and 12.1. The scanning appears aimed at building a list of systems vulnerable to a recently-disclosed vulnerability in the product. Symantec disclosed the vulnerability on February 10 and released updates to SEPM (click here for instructions on how to apply updates). The fixed versions of the management console are 11.0 RU7 MP4a (11.0.7405.1424) or 12.1 RU4a (12.1.4023.4080). The vulnerability results from erroneous parsing of XML data sent to the console, causing the console to send unsanitized queries to an internal database.
NOTE: TECHi Two-Takes are the stories we have chosen from the web along with a little bit of our opinion in a paragraph. Please check the original story in the Source Button below.
Balanced Perspective
TECHi weighs both sides before reaching a conclusion.
TECHi’s editorial take above outlines the reasoning that supports this position.
More Two Takes from Zdnet
While Xiaomi was struggling just to meet the low-end of its sales goals for last year, Huawei was blowing past…
China's latest attempt to control what's said on the Internet comes in the form of an amendment to the government's…
Hewlett-Packard's plans to split itself into two separate companies has been common knowledge for months, and now the company's board…
It looks like you can add Samsung to the ever-growing list of companies that want to create their own network…