
Attackers exploit DLL search-order hijacking issues as part of multi-stage attacks: after they penetrate a target computer, they use them to elevate permissions, to further compromise the system and to persist on it.

After successful exploitation, an attacker can “bypass the self-defense mechanism of Symantec and reach an escalation in defense avoidance, persistence and privileges, by loading an arbitrary unsigned DLL onto a process signed by Symantec, which runs as NT AUTHORITY\SYSTEM,” says Hadar. While the risk level for this vulnerability is not immediately evident, these bugs usually receive CVSS 3.x base scores of moderate to high severity. Now tracked as CVE-2019-12758, the Symantec Endpoint Protection LPE is exploitable by potential attackers who have Admin privileges, according to Hadar.

Symantec privilege escalation flaw

After receiving the researcher's reports, Trend Micro, Check Point Security, Bitdefender, Avast, and McAfee patched the security flaws found within their security apps, including CVE-2019-14684, CVE-2019-14684, CVE-2019-8461, CVE-2019-15295, CVE-2019-17449, and CVE-2019-3648.

Since August, Hadar has found similar issues in Trend Micro’s Password Manager, the Endpoint Security Initial Server, the free version of Bitdefender Antivirus, the 2019 Avira Antivirus Software and several McAfee Antivirus solutions.

All of them may allow hackers to exploit systems that run unpatched versions in order to drop malicious payloads and to evade detection in the later stages of an attack. This is not the first local privilege escalation vulnerability that SafeBreach Labs security researcher Peleg Hadar, who also discovered the Symantec Endpoint Protection LPE, has reported to a security vendor this year.


Not the first LPE bug reported to security vendors

Symantec Endpoint Protection is a suite of security software for computers and servers, including intrusion prevention, firewall, data loss prevention and anti-malware features.
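
The load pattern Hadar describes, an unsigned DLL loaded into a vendor-signed process running as NT AUTHORITY\SYSTEM, can be hunted in Sysmon Event ID 7 (ImageLoad) records. The following is an added example, not code from the article, the researcher or any vendor; the watchlist path, the DLL names and the sample events are constructed assumptions.

```python
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
SYSTEM_USER = r"NT AUTHORITY\SYSTEM"
# Hypothetical watchlist: vendor-signed service binaries that run as SYSTEM.
WATCHED_IMAGES = {r"c:\program files\examplevendor\agent\agentsvc.exe"}

def make_event(image, loaded, signed, status, user):
    """Build one constructed Sysmon Event ID 7 (ImageLoad) record as XML."""
    fields = {"Image": image, "ImageLoaded": loaded, "Signed": signed,
              "SignatureStatus": status, "User": user}
    data = "".join(f'<Data Name="{k}">{v}</Data>' for k, v in fields.items())
    return (f'<Event xmlns="{NS["e"]}"><System><EventID>7</EventID></System>'
            f"<EventData>{data}</EventData></Event>")

AGENT = r"C:\Program Files\ExampleVendor\Agent\agentsvc.exe"
# Constructed sample events, not taken from a real host.
SAMPLE_EVENTS = [
    make_event(AGENT, r"C:\Windows\System32\version.dll", "true", "Valid", SYSTEM_USER),
    make_event(AGENT, r"C:\ProgramData\Example\helper.dll", "false", "Unavailable", SYSTEM_USER),
    make_event(r"C:\Users\alice\app.exe", r"C:\Users\alice\plugin.dll", "false", "Unavailable", r"CORP\alice"),
]

def parse_image_load(xml_text):
    """Return the EventData fields of an Event ID 7 record, or None otherwise."""
    root = ET.fromstring(xml_text)
    if root.findtext("e:System/e:EventID", namespaces=NS) != "7":
        return None
    return {d.get("Name"): (d.text or "") for d in root.iterfind("e:EventData/e:Data", NS)}

def is_suspicious(ev):
    """Watched SYSTEM process loading a module without a valid signature."""
    signed_ok = ev.get("Signed", "").lower() == "true" and ev.get("SignatureStatus") == "Valid"
    return (ev.get("Image", "").lower() in WATCHED_IMAGES
            and ev.get("User", "").upper() == SYSTEM_USER
            and not signed_ok)

def find_unsigned_loads(events):
    """Return (process image, loaded DLL) pairs that match the pattern."""
    hits = []
    for xml_text in events:
        ev = parse_image_load(xml_text)
        if ev and is_suspicious(ev):
            hits.append((ev["Image"], ev["ImageLoaded"]))
    return hits
```

The `Signed`, `SignatureStatus` and `User` fields describe the loaded module and the account of the loading process; whether the process itself is vendor-signed is encoded here only by the watchlist.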
