On June 28, 2016, Google’s Project Zero researcher Tavis Ormandy published a blog post detailing multiple critical vulnerabilities in various Symantec products.
According to Ormandy, these vulnerabilities “don’t require any user interaction, they affect the default configuration, and the software runs at the highest privilege levels possible. In certain cases, on Windows, vulnerable code is even loaded into the kernel, resulting in remote kernel memory corruption.”
Symantec has released updates to affected products. There are 17 Symantec enterprise products and 8 Norton products listed. The majority of these updates will be automatically installed, although some will need to be installed by end users or administrators manually. If you’re a Symantec customer or user in general, we recommend you check the following lists and update as soon as possible.
Symantec recommends the following best practices:
- Restrict access to administrative or management systems to authorized privileged users
- Restrict remote access, if required, to trusted/authorized systems only
- Run under the principle of least privilege where possible to limit the impact of potential exploits
- Keep all operating systems and applications current with vendor patches
- Follow a multi-layered approach to security. At a minimum, run both firewall and anti-malware applications to provide multiple points of detection and protection to both inbound and outbound threats
- Deploy network and host-based intrusion detection systems to monitor network traffic for signs of anomalous or suspicious activity. This may aid in the detection of attacks or malicious activity related to the exploitation of latent vulnerabilities