Symantec confirms vulnerability in antivirus software

Symantec confirmed Friday afternoon a vulnerability in its Antivirus Corporate Edition software that had been discovered by security firm Eeye. According to the company, a successful exploit of the flaw could "potentially cause a system crash, or allow a remote or local attacker to execute arbitrary code with System level rights on the affected system."

At this time, Symantec has only issued IDS signatures that will be able to detect attempts to exploit the vulnerability. Network Security Appliance 7100 signatures (SU 46), Gateway Security 3.0 signatures (SU 19) and Client Security 2.0 and 3.0 signatures (SU 22) have been made available via the software's live update feature.

The company recommends that customers adjust their software policies as long as the flaw is exposed to a potential exploit. Specifically, the firm said that companies should restrict access to administration or management systems to privileged users only, keep all operating systems and applications updated with the latest vendor patches and "run both firewall and antivirus applications, at a minimum to provide multiple points of detection and protection to both inbound and outbound threats."

TOPICS

Tom's Hardware is the leading destination for hardcore computer enthusiasts. We cover everything from processors to 3D printers, single-board computers, SSDs and high-end gaming rigs, empowering readers to make the most of the tech they love, keep up on the latest developments and buy the right gear. Our staff has more than 100 years of combined experience covering news, solving tech problems and reviewing components and systems.