Multiple Vulnerabilities in Symantec Products Including SEP (CVE-2016-2210)

[Josh Kwan]

SUMMARY

===

Multiple, critical vulnerabilities have been discovered in Symantec products including Symantec Endpoint Protection (SEP), an anti-virus product previously licensed and distributed on campus. [1]

Campus support and licensing for SEP ended on September 30, 2014. [2]

IMPACT

===

Successful exploitation of these vulnerabilities typically results in an application-level denial of service but could result in arbitrary code execution. An attacker could potentially run arbitrary code by sending a specially crafted file to a user. [1]

VULNERABLE

===

* Symantec Endpoint Protection for Windows, Mac, or Linux versions 12.1.6 MP4 and prior

* Additional Symantec products are affected. Please review Symantec's security advisory for a comprehensive list. [1]

RECOMMENDATIONS

===

* If you have an old version of SEP that was obtained from UC Berkeley Software Central or an old desktop image, remove SEP immediately and install Microsoft SCEP which is the current anti-virus/anti-malware software licensed for campus users. [3]

* If you have paid to license Symantec products (e.g. personal or departmental purchase), upgrade your software per Symantec's instructions. [1]

REFERENCES

===

[1] https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160628_00

[2] https://security.berkeley.edu/news/symantec-endpoint-protection-sep-licenses-expiring

[3] https://security.berkeley.edu/resources/software/anti-malware

[4] https://security.berkeley.edu/news/multiple-vulnerabilities-symantec-products-including-sep-cve-2016-2210