Background
On June 28, details of multiple critical vulnerabilities in Symantec and Norton branded antivirus products were released. Some of the vulnerabilities include wormable remote code execution flaws as the administrative or system user.
Impact
Simply receiving an email with a file or receiving a link to an exploit is enough to allow your system to be compromised. No interaction is necessary to trigger the exploit. This vulnerability is also wormable, which means that it could be turned into a computer worm.
Please see UISO Recommendations and Workarounds below for further steps that must be taken.
Platforms
- Affected All Symantec and Norton branded antivirus products, including:
- Norton Security, Norton 360, and other legacy Norton products (All Platforms)
- Symantec Endpoint Protection (All Versions, All Platforms)
- Symantec Email Security (All Platforms)
- Symantec Protection Engine (All Platforms)
- Symantec Protection for SharePoint Servers
- etc...
Local Observations
The UISO has not observed active exploitation at IU at this point.
UISO Recommendations
- The UISO recommends using the recommended antivirus software at IU.
- If a department has purchased a contract to continue using Symantec products, please ensure that the latest updates are applied to clients and servers through Symantec LiveUpdate.
Workarounds
If a department, or individual, is unable to successfully update their Symantec products through LiveUpdate, then the only known workaround is to uninstall Symantec and install the recommended antivirus software at IU.
Further Reading
- Recommended antivirus software at IU
- In Windows, how do I safely upgrade to the latest security software
- How to Compromise the Enterprise Endpoint
- Security Advisories Relating to Symantec Products
- High-severity bugs in 25 Symantec/Norton products imperil millions
- What are viruses, worms, and trojan horses