Symantec fixes Enterprise Security Manager flaw

By
Follow google news

Symantec has fixed a flaw in its Enterprise Security Manager (ESM) solution that allows an attacker to take complete control of a PC.

Symantec fixes Enterprise Security Manager flaw
In an advisory released Thursday, Symantec said that all versions of the product are vulnerable to the flaw, which exists in the ESM agent remote upgrade interface.

The program’s agent accepts remote upgrade requests from any entity that understands the upgrade protocol, not verifying that the requests are from a trusted source, as it should, according to the advisory.

A hacker, assuming they have knowledge of the agent’s protocol, can take control of a PC by infecting it with malicious software.

The anti-virus giant was not aware of any exploits in the wild, according to Symantec.

The flaw is exploitable from both remote and local locations, according to a Friday advisory from FrSIRT (the French Security Incident Response Team), which ranked the flaw as "high risk."

Add iTnews as your trusted source

Got a news tip for our journalists? Share it with us anonymously here.
Tags:

Most Read Articles

ASD to retire Essential Eight cyber security framework within next two years

ASD to retire Essential Eight cyber security framework within next two years

Bendigo Bank aims to have Australia's "first agentic SOC"

Bendigo Bank aims to have Australia's "first agentic SOC"

NAB's SecOps rethink focuses on data expert and dev hires

NAB's SecOps rethink focuses on data expert and dev hires

Services Australia describes fraud, debt-related machine learning use cases

Services Australia describes fraud, debt-related machine learning use cases

Log In

  |  Forgot your password?