Home Hacking News Code Execution Vulnerability Found In Symantec Endpoint Protection
Hacking NewsLatest Cyber Security News | Network Security HackingNewsVulnerabilities

Code Execution Vulnerability Found In Symantec Endpoint Protection

by Abeerah Hashim
written by Abeerah Hashim
Symantec Endpoint Protection vulnerability

Continuing the trail of vulnerable antivirus tools, now joins Symantec. Researchers have found a serious vulnerability in Symantec Endpoint Protection software. Exploiting this flaw could allow an attacker to execute codes on the target system.

Symantec Endpoint Protection Vulnerability

Researchers from SafeBreach Labs have found a serious vulnerability in another antivirus program. This time, they have found the vulnerability in Symantec Endpoint Protection.

Explaining this local privilege escalation vulnerability in a blog post, the researchers stated,

We found a service (SepMasterService) of the Symantec Endpoint Protection which is running as signed process and as NT AUTHORITY\SYSTEM, which is trying to load the following DLL which doesn’t exist:
c:\Windows\SysWOW64\wbem\DSPARSE.dll

Thus, it became possible for an attacker to execute code by uploading an arbitrary DLL while bypassing the self-defense mechanism. The researchers have shared the proof-of-concept for the exploit in their report. As stated,

We were able to load an arbitrary Proxy DLL (which loaded another arbitrary DLL) and execute our code within a service’s process which is signed by Symantec Corporation as NT AUTHORITY\SYSTEM.

Consequently, exploiting this bug could allow an attacker to gain SYSTEM access, bypass app whitelisting, and persistently run malicious codes.

Symantec Issued A Fix

After discovering the bug, the researchers reported it to Symantec in August 2019, which the vendors confirmed the next day.

Recently, Symantec has issued a fix for this vulnerability assigned with CVE number CVE-2019-12758. The fix for the LPE flaw is already available with Symantec Endpoint Protection 14.2 RU2 release. Hence, the users must ensure upgrading their systems to the patched version to stay protected from potential attacks.

Recently, SafeBreach Labs has also reported vulnerabilities in other critical programs, including all editions of McAfee Antivirus, Check Point’s Endpoint Security Initial Client software for Windows, and Bitdefender Antivirus Free 2020.

Let us know your thoughts in the comments.

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]

You may also like

Personal Data Exposed in Massive Global Hack: Understanding...

Guardz Welcomes SentinelOne as Strategic Partner and Investor...

Invision Community Vulnerabilities Risk E-Commerce Websites

Microsoft April Patch Tuesday Fixes Dozens of RCE...

Match Systems publishes report on the consequences of...

Cypago Announces New Automation Support for AI Security...

LayerSlider WordPress Plugin Vulnerability Affected Thousands Of Websites

OWASP Disclosed Data Breach Affecting Old Members

Center Identity Launches Patented Passwordless Authentication for Businesses

GoPlus’s Latest Report Highlights How Blockchain Communities Are...