Local Privilege Escalation Vulnerability in Symantec Endpoint Protection

Original release date: August 04, 2014

US-CERT is aware of a local privilege escalation vulnerability in Symantec Endpoint Protection. This vulnerability affects all versions of Symantec Endpoint Protection Client 11.x and 12.x running Application and Device Control. Exploitation of this vulnerability may allow an attacker to gain full privileges on an affected system.

US-CERT recommends that users and administrators review the associated Symantec Knowledge Base Article TECH223338 and CERT Vulnerability Note VU#252068 and apply the necessary updates.

Windows Registry Infecting Malware Has NO Files

This is a pretty interesting use of the Windows Registry and reminds me a little of the transient drive-by malware used last year against Internet Explorer that left no files either – Another IE 0-Day Hole Found & Used By In-Memory Drive By Attacks. The main difference being, that wasn’t persistent and as it lived [...]

Read the full post at darknet.org.uk

Critical code execution bug in Samba gives attackers superuser powers

A critical vulnerability in all recent versions of Samba could put users on the receiving end of attacks that allow hackers on the same local network to run programs with nearly unfettered administrative privileges.

Samba is an open source implementation of the file-sharing components of Microsoft Windows. Most Linux releases and a wide variety of other operating systems use Samba to handle file-sharing with Windows systems.

The newly discovered bug can be exploited by sending specially manipulated traffic to a vulnerable system. The remote code execution vulnerability resides in Samba's nmbd NetBIOS name service daemon and is the result of the daemon incorrectly handling certain memory operations. The bug was found and fixed by Volker Lendecke, a Samba Team member working for SerNet.
