Local Privilege Escalation Vulnerability in Symantec Endpoint Protection

Original release date: August 04, 2014

US-CERT is aware of a local privilege escalation vulnerability in Symantec Endpoint Protection. This vulnerability affects all versions of Symantec Endpoint Protection Client 11.x and 12.x running Application and Device Control. Exploitation of this vulnerability may allow an attacker to gain full privileges on an affected system.

US-CERT recommends that users and administrators review the associated Symantec Knowledge Base Article TECH223338 and CERT Vulnerability Note VU#252068 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.