

The cross-site request forgery flaw (CVE-2015-8152) and SQL injection bug (CVE-2015-8153) in the SEP Management Console can be exploited to give authorized users more elevated privileges than originally assigned. "Customers should update to RU6-MP4 as soon as possible to address these issues," Symantec said in the advisory. "Symantec product engineers have addressed these issues in SEP 12.1-RU6-MP4." Symantec said there were no reports of any of these vulnerabilities being targeted in the wild.


The third bug bypasses security controls on the Symantec Endpoint Protection client software that prevent users from running untrusted software on the targeted system. Two of the flaws, if exploited, could let authorized low-level users gain higher privileges, Symantec said in its advisory.

***The 14.3 SEP for Mac client version is 14.3.

fixed three high-risk security vulnerabilities in Symantec Endpoint Protection last week, which serves as a reminder: Security software needs to be regularly patched, too.

All three vulnerabilities were fixed in Symantec Endpoint Protection version 12.1.

Using a sole trailing backslash with an Exception prefix variable in SEP 14 MP1 causes ccSvcHst.exe to crash (TECH239782)

The code change in 14 MP1 Refresh Build, which addresses the following issue, is slated for inclusion in a future release of version 14:

Upgrading from 14 MP1 to 14 MP1 Refresh Build (.0100) is not supported.

Note: If you run 14 MP1 (.0100), do not upgrade to the 14 MP1 Refresh Build (.0100).

(Patch for cosmetic issue obsoleted by Microsoft patch on January 18.)

See Product Updates in the cloud console (the gift icon) for information on new fixes.
