The experts at Offensive Security which is best known for Kali Linux penetration testing have discovered different critical flaws in the Symantec’s Endpoint Protection product during an audit. They have added that they were not specifically asked to audit the Symantec Endpoint Protection. The researchers will discuss some of this points at the BlackHat conference to be held in August 2014.
As per their blog, they also plan to preview proof-of-concept code during “Advanced Windows Exploitation” training class at the AWE course at Black Hat 2014, Las Vegas
“In a recent engagement, we had the opportunity to audit the Symantec Antivirus Endpoint Protection solution, where we found a multitude of vulnerabilities. Some of these made it to CERT, while others have been scheduled for review during our upcoming AWE course at Black Hat 2014, Las Vegas. Ironically, the same software that was meant to protect the organization under review was the reason for its compromise.”
The experts at Offensive Security will release the code for the privilege escalation exploit in the next days which Techworm will bring to its readers as soon as they make it available.
The experts have also published a Vimeo video of the Proof of Concept which is given below which is ‘best viewed in full screen’ in the words of Offensive Security.
Offensive Security says that all three privilege escalation vulnerabilities have been already reported to computer emergency response teams, but Symantec firm hasn’t yet replied.
If the exploit is ever used in the wild it may lead to hackers potentially exploiting the critical flaw to gain the access to probably hundred of computers in the financial services sector as many of them use the Symantec Endpoint Protection for Endpoint security. This also calls for a serious audit of all Anti Virus firms across the board by a neutral third party audit system. Resource : Offensive Security