Security Alert (A16-06-04): Multiple Vulnerabilities in Symantec Products


 

Published on: 30 June 2016

  
  

Description:

Symantec has published security advisories to address multiple vulnerabilities which affect several Symantec products. A remote attacker could entice a user to access a malicious link or open a specially crafted file to exploit the vulnerabilities.

 

Affected Systems:

  • Symantec Endpoint Protection version 12.1 MP4 and prior
  • Norton AntiVirus, Norton Product Family, Norton Security, Norton Security with Backup, Norton Internet Security, Norton 360 prior to NGC version 22.7
  • Norton Bootable Removal Tool prior to version 2016.1
  • Norton Power Eraser prior to version 5.1
  • Norton Security for Mac prior to version 13.0.2
  • Symantec Advanced Threat Protection
  • Symantec CSAPI version 10.0.4 and prior
  • Symantec Data Center Security: Server version 6.0, 6.0MP1, 6.5, 6.5MP1, 6.6, 6.6MP1
  • Symantec Email Security Server .Cloud
  • Symantec Mail Security for Domino version 8.0.9 and prior, 8.1.3 and prior
  • Symantec Mail Security for Microsoft Exchange version 7.0.4 and prior, 7.5.4 and prior
  • Symantec Message Gateway version 10.6.1-3 and prior
  • Symantec Message Gateway for Service Providers version 10.5 and 10.6
  • Symantec Protection Engine version 7.0.5 and prior, 7.5.4 and prior, 7.8.0
  • Symantec Protection for SharePoint Servers version 6.03 to 6.05, 6.0.6 and prior
  • Symantec Web Gateway
  • Symantec Web Security .Cloud 

 

Impact:

A successful attack could lead to denial of service, elevation of privileges, security restriction bypass, or arbitrary code execution on an affected system.

 

Recommendation:

Symantec has released new patches of the listed products to address the issues and they can be downloaded through Symantec website, Symantec File Connect and Norton LiveUpdate.

Users of affected systems should follow the recommendations and best practices provided by the product vendor and take immediate actions to mitigate the risk.

 

More Information:

https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160628_00
https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160628_01
https://www.us-cert.gov/ncas/current-activity/2016/06/29/Symantec-Releases-Security-Updates
https://www.hkcert.org/my_url/en/alert/16063001
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2207
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2209 (to CVE-2016-2211)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3644 (to CVE-2016-3653)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5304 (to CVE-2016-5307)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8801 



Tag: Symantec , Symantec Endpoint , Norton
Tags