Symantec Patches 'High-Risk' Bug - InformationWeek
IoT
IoT
News
News
4/10/2007
06:03 PM
50%
50%
RELATED EVENTS
How Cloud Can Streamline Business Workflow
Jul 11, 2017
In order to optimize your utilization of cloud computing, you need to be able to deliver reliable ...Read More>>

Symantec Patches 'High-Risk' Bug

No known exploits have hit the vulnerability, which affects every version of Symantec's Enterprise Security Manager but one.

Symantec on Tuesday patched a vulnerability in its Enterprise Security Manager tool that could enable a hacker to remotely control an infected computer.

The security vendor is warning users to update their software as soon as possible, saying this is a "high-risk" bug. All versions of ESM are vulnerable, except version 6.5.3, which includes the fixes and is not vulnerable.

A spokesman for Symantec said in an interview that the company isn't aware of any proof-of-concept code or exploits for this vulnerability.

The ESM tool is designed to discover and report vulnerabilities and security policy deviations, such as inappropriate passwords and missing patches.

The flaw lies in the fact that the tool does not authenticate someone who's making an upgrade request. That means a hacker could use the flaw to infect the system with malware.

"The vulnerability exists in the ESM agent remote upgrade interface," Symantec explained in an online advisory. "The ESM agent accepts remote upgrade requests from any entity that understands the upgrade protocol. The ESM agent does not currently verify that upgrades are from a trusted source. An attacker with knowledge of the agent protocol could deploy a piece of software that allows the attacker to control the host computer."

The ESM agent has administrative privileges.

The patch will be pushed out to users automatically, or they can manually install it, Symantec said.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
IT Strategies to Conquer the Cloud
Chances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on InformationWeek.com for the week of November 6, 2016. We'll be talking with the InformationWeek.com editors and correspondents who brought you the top stories of the week to get the "story behind the story."
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll