• Skip to Content
  • Skip to Main Navigation
  • Skip to Search

Indiana University Indiana University IU

Open Search
  • Personal Preparedness
    • Keeping data safe
    • Email & phishing scams
    • Secure data removal
    • IU passphrases
    • Using social media
    • Web privacy
    • Account privileges
    • Remote Desktop
    • Cybersecurity while traveling
    • Identity verification
    • Hardware & software security
      • Laptop & mobile device security
      • Malware, scareware, & ransomware
      • Storage drives
      • Wearable technologies
      • Protecting data in copiers and multifunction devices
      • Use of survey software
      • Solid State Drives
    • File sharing & copyright
      • Contesting copyright infringement notices
      • Disabling peer-to-peer file sharing
      • Copyright tutorial
      • Copyright infringement incident resolution
  • Information & IT Policies
    • The Policy Hierarchy explained
    • Privacy policies & FAQ
    • Acceptable Use Agreement
    • Information & IT Policy Process
    • Cyber Risk Review
    • Federal & international regulations
    • Indiana Data Protection laws FAQ
    • IT-12.1 Mobile Device Security Standard
  • Information Security & Privacy Program
    • Safeguards
      • Risk assessment and treatment
      • Policy administration
      • Organization
      • Asset management
      • Human resources
      • Physical & environmental security
      • Communications & operations management
      • Identity & access control
      • Information systems acquisition, development, and maintenance
      • Incident management
      • Business continuity management
      • Compliance
    • Governance
    • Principles
  • Protecting Data & Privacy
    • Privacy matters
      • Privacy harms
      • Privacy principles
      • Understanding and protecting privacy
    • Sensitive data
      • Guidelines
    • Sharing institutional data with third parties
  • Resources for IT Professionals
    • Information Risk Assessments
    • SecureMyResearch
    • Cloud computing
    • Audits & requirements
    • Data encryption
    • Back up data
    • Information security best practices
    • CIS Benchmarks
    • Disaster recovery planning
    • Managing employee data
    • Medical device security
    • Transferring data securely
    • Using SSH
    • Additional resources
      • Privacy Notice Generator
      • Training & awareness
      • Incident Response Webservice
      • Penetration test
      • SSL/TLS certificates
      • Vulnerability scanners
  • About
    • Glossary of Terms
    • Trustees Resolution
  • Contact
  • Report an Incident
    • Report Privacy Incident or Request Assistance
    • Emergency IT Incidents
    • Managing Incidents
    • Identity Theft
    • Reporting Suspected Sensitive Data Exposures

Information Security & Policy

  • Home
  • Personal Preparedness
    • Keeping data safe
    • Email & phishing scams
    • Secure data removal
    • IU passphrases
    • Using social media
    • Web privacy
    • Account privileges
    • Remote Desktop
    • Cybersecurity while traveling
    • Identity verification
    • Hardware & software security
    • File sharing & copyright
  • Information & IT Policies
    • The Policy Hierarchy explained
    • Privacy policies & FAQ
    • Acceptable Use Agreement
    • Information & IT Policy Process
    • Cyber Risk Review
    • Federal & international regulations
    • Indiana Data Protection laws FAQ
    • IT-12.1 Mobile Device Security Standard
  • Information Security & Privacy Program
    • Safeguards
    • Governance
    • Principles
  • Protecting Data & Privacy
    • Privacy matters
    • Sensitive data
    • Sharing institutional data with third parties
  • Resources for IT Professionals
    • Information Risk Assessments
    • SecureMyResearch
    • Cloud computing
    • Audits & requirements
    • Data encryption
    • Back up data
    • Information security best practices
    • CIS Benchmarks
    • Disaster recovery planning
    • Managing employee data
    • Medical device security
    • Transferring data securely
    • Using SSH
    • Additional resources
  • Search
  • About
  • Contact
  • Report an Incident
  • Home
  • Security Bulletins
  • Critical Vulnerabilities in Symantec Endpoint Protection

Multiple critical vulnerabilities in Symantec Endpoint Protection

Thursday, June 30, 2016

Background

On June 28, details of multiple critical vulnerabilities in Symantec and Norton branded antivirus products were released. Some of the vulnerabilities include wormable remote code execution flaws as the administrative or system user.

Impact

Simply receiving an email with a file or receiving a link to an exploit is enough to allow your system to be compromised. No interaction is necessary to trigger the exploit. This vulnerability is also wormable, which means that it could be turned into a computer worm.

Please see UISO Recommendations and Workarounds below for further steps that must be taken.

Platforms

  • Affected All Symantec and Norton branded antivirus products, including:
    • Norton Security, Norton 360, and other legacy Norton products (All Platforms)
    • Symantec Endpoint Protection (All Versions, All Platforms)
    • Symantec Email Security (All Platforms)
    • Symantec Protection Engine (All Platforms)
    • Symantec Protection for SharePoint Servers
    • etc...

Local Observations

The UISO has not observed active exploitation at IU at this point.

UISO Recommendations

  • The UISO recommends using the recommended antivirus software at IU.
  • If a department has purchased a contract to continue using Symantec products, please ensure that the latest updates are applied to clients and servers through Symantec LiveUpdate.

Workarounds

If a department, or individual, is unable to successfully update their Symantec products through LiveUpdate, then the only known workaround is to uninstall Symantec and install the recommended antivirus software at IU.

Further Reading

  • Recommended antivirus software at IU
  • In Windows, how do I safely upgrade to the latest security software
  • How to Compromise the Enterprise Endpoint
  • Security Advisories Relating to Symantec Products
  • High-severity bugs in 25 Symantec/Norton products imperil millions
  • What are viruses, worms, and trojan horses

Information Security & Policy resources

  • Leading in Cybersecurity
  • IU Data Management

Indiana University

Accessibility | Privacy Notice | Copyright © 2021 The Trustees of Indiana University