Just last month Symantec, makers of Norton Anti-Virus experienced serious security holes, and it appears to have happened again…
Symantec is struggling to keep their software up to date and free of security vulnerabilities. Just last month the company was ousted by security researcher, Travis Ormandy, who reported their security holes left hackers open to send emails to their users that could effectively infect their computers. The users would not even need to open the email, simply receiving it would be enough access to wreak havoc. This issues appears to remain, along with additional issues.
Ormandy found that some Windows platforms had vulnerabilities coded within the kernel themselves. This means, with this vulnerability, the hackers could conduct remote kernel memory corruption, again without any interaction from the user.
The problems are within the automatic configuration of the software. This impacts their entire product lines including:
- Norton Security, Norton 360 and other legacy Norton products (All platforms)
- Symantec Endpoint Protection (All versions on all platforms)
- Symantec Email Security (All platforms)
- Symantec Protection Engine (All platforms)
- Symantec Protection for SharePoint Servers
Ormandy reported that some of these programs cannot be patched via upgrades, and urged the program administrators to take immediate action to ensure their security. To read Ormandy’s full blog post, click here.