Researcher from the offensive security team have found three zreo-day vulnerability in the Symantec's Endpoint Protection. As during the security auditing session at a company offering financial services, experts team have successfully exploited the Endpoints Protection security.
Offensive security team wrote -
"the same software that was meant to protect the organization under review was the reason for its compromise".
Offensive security team wrote -
"the same software that was meant to protect the organization under review was the reason for its compromise".
Expert team have found multiples vulnerability on the Symantec Endpoints Protection and they have also reported some of the security issue to the Computer Emergency Response Teams (CERT), while some have been scheduled for review during our upcoming AWE course at Black Hat 2014, Las Vegas.
An exploit have been made, which gives the higher privileged to a potential attacker on to the system that is protected with Endpoints Protection security. Researcher have also made a video demonstration which shows the exploitation of latest version of Symantec Endpoints Protection security.
Offensive team have noted that they will be publishing the code for this privilege escalation exploit in the next few days (after the patch version will release). But at the mean time they have just published a video demonstration of exploiting the Symantec Endpoints suites.