Symantec slams the door on Live Update flaw

Symantec slams the door on Live Update flaw

offline
  • Puky  Male
  • Scottish rebel
  • Pridružio: 18 Apr 2003
  • Poruke: 5815
  • Gde živiš: u Zmajevom gnjezdu

Munir Kotadia
ZDNet UK
January 13, 2004, 16:55 GMT

Security company Symantec has had to update its Live Update feature to fix a flaw that could open a security hole in the software

Security company Symantec, developer of the popular Norton AntiVirus software, fixed a problem in its Live Update feature last week - a vulnerability that could allow malicious users to gain unauthorised administrator access rights to an affected PC.

Live Update is a feature Symantec's customers use in order to keep their virus signatures and security applications up to date. It can be set to automatically connect to the Internet and check Symantec's servers for a newer version. If one is found, the software can either prompt the user or automatically download and install the update, which is the recommended setting.

According to Symantec, the problem only affects Windows versions of its software and is rather obscure, requiring "a number of conditions" to be in place before it can be exploited. If an application has been set up in multi-user mode, with privileged and non-privileged access rights, it is possible for a non-privileged user to access and manipulate the Automatic Live Update interface in order to gain privileged access to the host computer.

The vulnerability, which was discovered by US-based consultants Secure Network Operations, was published on Tuesday, by which time Symantec had already fixed the problem by making a new version (2.0) of its Live Update feature available to download.

Symantec said the latest version of the update engine will be "automatically installed on a user's machine as soon as the computer connects to the Internet." If automatic live update has been disabled, users can use still Live Update to download and install the 4MB patch as soon as possible.

This is the second embarrassing episode for Symantec in a matter of days. Last Friday, Symantec's support forums were flooded with Norton AntiVirus users complaining of slow and unstable computers after the latest signature updates.



A sve je pocelo:
http://www.mycity.rs/phpbb/viewtopic.php?t=2714&am.....highlight=

Koristan link za korisnike NAV:
http://securityresponse.symantec.com/avcenter/cgi-bin/updates_msa.cgi



Registruj se da bi učestvovao u diskusiji. Registrovanim korisnicima se NE prikazuju reklame unutar poruka.
Ko je trenutno na forumu
 

Ukupno su 1119 korisnika na forumu :: 44 registrovanih, 12 sakrivenih i 1063 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: 357magnum, bokisha253, cemix, cenejac111, Centauro, DejanCG, dragoljub11987, Fabius, Faki-Valjevo, Frunze, Futurama, Georgius, havoc995, ILGromovnik, Istman, kokodakalo, Kriglord, Krusarac, Kubovac, Litostroton, manda87, mane123, mercedesamg, Metanoja, milenko crazy north, Milometer, MiroslavD, MrNo, nextyamb, Parker, pedja.st, pein, Prašinar, raptorsi, sasakrajina, Srki94, ss10, Tvrtko I, vargas, Vatreni Zmaj, Wrangler, YugoSlav, Žrnov, šumar bk2