Symantec Fixes Endpoint Protection Privilege Escalation Flaw - Cybers Guards

Symantec Endpoint Protection is a suite of security products for computers and servers that includes intrusion prevention, a firewall, data loss prevention and anti-malware.

Not the first LPE bug reported to a security vendor

After receiving the researcher's reports, Trend Micro, Check Point, Bitdefender, Avast and McAfee patched flaws of the same kind in their own security products, including CVE-2019-14684, CVE-2019-8461, CVE-2019-15295, CVE-2019-17449 and CVE-2019-3648. All of them could let attackers who have already compromised a system running an unpatched version drop malicious payloads and evade detection in the later stages of an attack. This is not the first local privilege escalation vulnerability that SafeBreach Labs security researcher Peleg Hadar, who also discovered the Symantec Endpoint Protection LPE, has reported to a security vendor this year. Since August, Hadar has found similar issues in Trend Micro's Password Manager, Check Point's Endpoint Security Initial Client, the free version of Bitdefender Antivirus, Avira Antivirus 2019 and several McAfee antivirus products.

Privilege escalation flaw fixed by Symantec

While the risk level of this vulnerability is not immediately obvious, bugs of this class commonly receive CVSS 3.x base scores of medium to high severity [1, 2]. Now tracked as CVE-2019-12758, the Symantec Endpoint Protection LPE requires a potential attacker to already hold Administrator privileges in order to exploit it, according to Hadar. After successful exploitation, the attacker can "bypass the self-defense mechanism of Symantec and achieve defense evasion, persistence and privilege escalation, by loading an arbitrary unsigned DLL into a process signed by Symantec, which runs as NT AUTHORITY\SYSTEM," Hadar said. Symantec addressed the vulnerability in Symantec Endpoint Protection 14.2 RU2, released on 22 October 2019. Attackers exploit DLL search-order hijacking issues like this one in multi-stage attacks: once they have penetrated a target computer, they use them to gain higher permissions, compromise the system further and persist on it.

Arbitrary unsigned DLL loaded from the CWD

By exploiting this bug, an arbitrary unsigned DLL can be loaded into the SepMasterService process, provided Administrator privileges are already available, thereby bypassing the Symantec Endpoint Protection self-defense mechanism. The researcher found that the signed Symantec SepMasterService process tries to import DSPARSE.dll from its current working directory, C:\Windows\SysWow64\Wbem, instead of from the DLL's actual location. Hadar said CVE-2019-12758 stems from two things: the security product's attempt to load the DLL from its current working directory (CWD) rather than from the real DLL location, and its failure to validate that the DLL is signed with a digital certificate before loading it. As a proof-of-concept (PoC) demonstration, Hadar placed an unsigned 32-bit proxy DLL in the SysWow64\Wbem folder; it was loaded and executed as NT AUTHORITY\SYSTEM within the Symantec process, bypassing the self-defense mechanism of Symantec Endpoint Protection as expected.
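The two root causes described above (a DLL resolved from a writable directory, and no signature check before loading) can be audited on a live host. The following PowerShell function is an added example; it is not code from the article, from Symantec or from SafeBreach. It enumerates the modules a running process has loaded, checks each module's Authenticode status with Get-AuthenticodeSignature, and checks whether low-privileged identities hold write access on the module's directory. The process name SepMasterService is taken from the article; which identities and rights count as "writable by a standard user" is an assumption stated in the code.

```powershell
# Added example (not from the article, Symantec or SafeBreach): audit the DLLs a
# running process has loaded and flag the two conditions that combined in
# CVE-2019-12758: a module that is not Authenticode-signed, and a module whose
# directory can be written by non-administrators (a search-order hijack target).
# Run from an elevated PowerShell; reading a SYSTEM process's module list needs
# administrator rights, and the shell should match the target's bitness because
# module enumeration across the WOW64 boundary can be incomplete.
function Get-SuspiciousLoadedModules {
    [CmdletBinding()]
    param(
        # Assumption: any service name can be given; the article's example is used below.
        [Parameter(Mandatory)][string]$ProcessName
    )

    # Assumption: write access granted to any of these identities means a
    # standard user could plant a same-named DLL in the directory.
    $lowPrivIdentities = @('BUILTIN\Users', 'NT AUTHORITY\Authenticated Users', 'Everyone')
    $writeMask = [System.Security.AccessControl.FileSystemRights]::Write -bor [System.Security.AccessControl.FileSystemRights]::Modify -bor [System.Security.AccessControl.FileSystemRights]::FullControl

    foreach ($proc in Get-Process -Name $ProcessName -ErrorAction Stop) {
        foreach ($m in $proc.Modules) {
            $path = $m.FileName
            if (-not $path) { continue }

            # Authenticode status: Valid, NotSigned, HashMismatch, UnknownError, ...
            $sig = Get-AuthenticodeSignature -FilePath $path
            $dir = Split-Path -Parent $path

            # Does a low-privileged identity have Write/Modify/FullControl on the directory?
            $writable = $false
            try {
                $acl = Get-Acl -Path $dir
                foreach ($ace in $acl.Access) {
                    if ($ace.AccessControlType -eq 'Allow' -and
                        $lowPrivIdentities -contains $ace.IdentityReference.Value -and
                        ([int]($ace.FileSystemRights -band $writeMask)) -ne 0) {
                        $writable = $true
                        break
                    }
                }
            } catch {
                $writable = $null   # ACL could not be read; report as unknown rather than safe
            }

            [pscustomobject]@{
                Process     = "$($proc.ProcessName) (PID $($proc.Id))"
                Module      = $m.ModuleName
                Path        = $path
                Signature   = $sig.Status
                Signer      = $sig.SignerCertificate.Subject
                DirWritable = $writable
                Suspicious  = ($sig.Status -ne 'Valid') -or ($writable -eq $true)
            }
        }
    }
}

# Usage: list only the modules that deserve a second look. A DLL that is both
# unsigned and sitting in a user-writable directory is exactly the pattern
# the article describes.
Get-SuspiciousLoadedModules -ProcessName 'SepMasterService' |
    Where-Object Suspicious |
    Format-Table Module, Path, Signature, DirWritable -AutoSize
```

Two caveats when reading the output. A `Valid` signature only proves the file on disk is signed by someone; compare the `Signer` column against the vendor you expect, since a signed-but-foreign DLL in a vendor process is still a finding. And the directory check is a coarse ACL read: inherited and denied entries are not resolved, so treat `DirWritable = $true` as a prompt to inspect the ACL by hand rather than as proof of exploitability.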

On machines running vulnerable versions of Symantec Endpoint Protection, CVE-2019-12758 may also allow an attacker to abuse this capability for persistence. Further details on how the LPE vulnerability was identified, a detailed root cause analysis and a complete disclosure timeline can be found at the end of Hadar's write-up. "Attackers are able to load and execute malicious payloads in the context of the signed Symantec process because of the vulnerability," Hadar said. "An attacker may abuse this capability for different purposes such as execution or evasion, such as: Application Whitelisting bypass. Antivirus cannot detect the attacker's binary, because it is trying to load it without validation."
