Pen Testers at Offensive Security discovered Zero-day flaws in Symantec Endpoint Protection that could be exploited to gain full system access.

Yesterday I reported the results of the study conducted by the security researcher Joxean Koret which publicly revealed a series of flaws affecting 14 of 17 major antivirus engines. The security experts remarked that antivirus products are solutions like many others and their installation could anyway enlarge the attack surface of users to the potential presence of security flaws.

The Antivirus products are continually challenged by many security experts for their real level of effectiveness, today another news is worrying the cyber security industry: the popular Symantec’s Endpoint Protection product is affected by three zero-day flaws that could be exploited by attackers for privilege escalation.

A privilege escalation attack is a type of attack used to grant the attacker, once already logged in, elevated access to the network and its resources (e.g. data and applications).

o1

The experts at Offensive Security, best known for Kali Linux penetration testing distro, discovered different critical flaws during an audit of the Symantec’s Endpoint Protection product, some of them will be discussed in a presentation at the next BlackHat conference in August. Offensive Security plans to preview proof-of-concept code during its “Advanced Windows Exploitation” training class at the conference in Las Vegas.

“In a recent engagement, we had the opportunity to audit the Symantec Antivirus Endpoint Protection solution, where we found a multitude of vulnerabilities. Some of these made it to CERT, while others have been scheduled for review during our upcoming AWE course at Black Hat 2014, Las Vegas. Ironically, the same software that was meant to protect the organization under review was the reason for its compromise.” states an announcement published by Offensive Security on their website.

The experts at Offensive Security will release the code for the privilege escalation exploit in the next days, meantime, they have already published a video-POC.

http://vimeo.com/101980410

The three privilege escalation vulnerabilities have been already reported to computer emergency response teams, but Symantec firm hasn’t yet replied.

The representatives of Offensive Security firm didn’t specifically target Endpoint Security during the audit process.

Let’s think about the potential effects of the exploitation on a large-scale of such kind of vulnerabilities affecting Symantect Endpoint Protection products, a bad actor could potentially exploit a critical flaw to gain the access to “hundreds if not thousands of computers” in the financial services company.

Pierluigi Paganini