Massive zero day vulnerability in most Symantec / Norton security products

If you’re using a Symantec or Norton security product, update it now; we’ll wait (yup, another zero day, and it’s a big deal).

According to this article at The Register, Google Project Zero researcher Tavis Ormandy discovered a vulnerability in the Norton / Symantec products that is 100% reliable, works on the default configuration, requires no user interaction and gives an attacker system-level access to target machines. Tavis is the same researcher who found problems in other security products, but this one is the worst.

Symantec has patched the vulnerability and all users are encouraged to update as soon as possible.

Key points from the article on what users should do:

  • Restrict access to administrative or management systems to authorised privileged users.
  • Restrict remote access, if required, to trusted / authorised systems only.
  • Run under the principle of least privilege where possible to limit the impact of a potential exploit.
  • Keep all operating systems and applications current with vendor patches.
  • Follow a multi-layered approach to security. At a minimum, run both firewall and anti-malware applications to provide multiple points of detection and protection to both inbound and outbound threats.
  • Deploy network- and host-based intrusion detection systems to monitor network traffic for signs of anomalous or suspicious activity. This may aid in the detection of attacks or malicious activity related to the exploitation of latent vulnerabilities.
