Symantec Releases Security Update SYM16-010


Symantec Decomposer Engine Multiple Parsing Vulnerabilities

Just a quick note to Info Tech Service Providers and IT Service Desk Teams to make you aware of a recent announcement by Symantec and US-CERT about a vulnerability with the Symantec Decomposer Engine.

Overview

According to Symantec, parsing of maliciously-formatted container files may cause memory corruption, integer overflow or buffer overflow in Symantec’s Decomposer engine. Successful exploitation of these vulnerabilities typically results in an application-level denial of service but could result in arbitrary code execution. An attacker could potentially run arbitrary code by sending a specially crafted file to a user.

Solution

This issue was resolved via a maintenance patch release to the Symantec Endpoint Protection (SEP) client software for Microsoft Windows OS. Windows SEP clients updated to at least version 12.1.7004.6500 (aka 12.1.6 MP5) will be protected against this vulnerability.

How can I verify that my client has been patched?

Symantec Endpoint Protection (SEP) client running version 12.1.7004.6500 will have already received this update.  Marshall University has updated our campus software distribution points to make this latest release available via background update to all currently managed clients. The update will require a reboot of the client computer in order to complete the upgrade process.

IT Information Security team will be working with IT Service Desk team to identify and remediate any SEP clients with out of date software versions. Please report any unresolved background update issues via MU Support ticket or an e-mail to itservicedesk@marshall.edu.

Reference Links

  • Security Advisories Relating to Symantec Products – Symantec Decomposer Engine Multiple Parsing Vulnerabilities
    https://support.symantec.com/en_US/article.ALERT2047.html
    https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160628_00

Thank you for your continued attention to information security,

Jon B. Cutler, MS, CISSP
Chief Information Security Officer
Marshall University, Division of Information Technology
Drinko Library 324, 1 John Marshall Drive, Huntington, WV 25755
Phone: (304) 696-3270, @joncutler | BeHerd Feedback
http://www.marshall.edu/InfoSec