Symantec Enterprise Software Has a Big Security Hole
May 30, 2006 Timothy Prickett Morgan
We don’t normally worry too much about what is going on with the security of Windows desktops–well, at least not editorially in this newsletter. But as users of Windows desktops and laptops, as most of you are, we get a little concerned about security holes and the potential havoc they can wreak in the data center and on the desktops.
With that in mind, we just wanted you to be aware that Symantec has issued a statement that there is a stack overflow vulnerability in its Symantec Client Security 3.1 and Symantec AntiVirus Corporate Edition 10.1 software. The vulnerability can potentially allow a local or remote attacker to take over your machine and execute code on it. The hole does not require a hacker to authenticate on your machine or for you to do anything at all, so it is a good thing that there is not an exploit available for this security hole. Basically, the antivirus portion of the program is an open door right now as I write this. Apparently, the low-end desktop products do not have this vulnerability, which is a bit peculiar.
eEye Security, a security software firm that sells complementary products for managing network security, put out a statement on May 24 saying it had discovered the vulnerability. On May 25, Symantec’s software engineers verified that this vulnerability exists, and the company released a statement of its own. Symantec has released intrusion detection system (IDS) signatures to help security officers detect when this vulnerability is being exploited, and further advises everyone to be careful opening attachments and surfing the Web, since code can just run if it sniffs you out. Symantec is working on a patch for this hole. The tricky bit is that as soon as a patch is released, hackers will be able to craft an exploit instantly. So keep your Symantec software up to date.