Symantec fixes Enterprise Security Manager flaw

By
Follow google news

Symantec has fixed a flaw in its Enterprise Security Manager (ESM) solution that allows an attacker to take complete control of a PC.

Symantec fixes Enterprise Security Manager flaw
In an advisory released Thursday, Symantec said that all versions of the product are vulnerable to the flaw, which exists in the ESM agent remote upgrade interface.

The program’s agent accepts remote upgrade requests from any entity that understands the upgrade protocol, not verifying that the requests are from a trusted source, as it should, according to the advisory.

A hacker, assuming they have knowledge of the agent’s protocol, can take control of a PC by infecting it with malicious software.

The anti-virus giant was not aware of any exploits in the wild, according to Symantec.

The flaw is exploitable from both remote and local locations, according to a Friday advisory from FrSIRT (the French Security Incident Response Team), which ranked the flaw as "high risk."

Add iTnews as your trusted source

Add iTnews As Your Trusted Source Add iTnews As Your Trusted Source
Got a news tip for our journalists? Share it with us anonymously here.
Tags:
enterprisefixesflawmanagersecuritysymantec

Sponsored Whitepapers

5 reasons to adopt a mobile first security strategy
5 reasons to adopt a mobile first security strategy
Uncomplicate IT Service Delivery with AI Agents
Uncomplicate IT Service Delivery with AI Agents
Getting ahead of the tech: what’s next for Australian organisations in digital transformation
Getting ahead of the tech: what’s next for Australian organisations in digital transformation
Fintech compliance made fast and secure
Fintech compliance made fast and secure
How to evaluate SIEM solutions Safeguarding your future Get a demo Download guide
How to evaluate SIEM solutions Safeguarding your future Get a demo Download guide

Events

Most Read Articles

Poor WA gov M365 security led to $71k theft and children's data breached

Poor WA gov M365 security led to $71k theft and children's data breached
US medical device maker Stryker's Microsoft environment attacked

US medical device maker Stryker's Microsoft environment attacked
Services Australia describes fraud, debt-related machine learning use cases

Services Australia describes fraud, debt-related machine learning use cases
US suspects China in breach of FBI surveillance network

US suspects China in breach of FBI surveillance network
techpartner.news logo
Sydney-based AI-cloud waste startup raises $3m
Sydney-based AI-cloud waste startup raises $3m
Brennan uses NiCE to modernise its contact centre
Brennan uses NiCE to modernise its contact centre
Impact Awards: Tecala slashes customer response times for fintech IQumulate
Impact Awards: Tecala slashes customer response times for fintech IQumulate
Interactive introduces private cloud platform
Interactive introduces private cloud platform
Digital61 expands cybersecurity portfolio
Digital61 expands cybersecurity portfolio

Log In

  |  Forgot your password?