Symantec, McAfee Patch Privilege Escalation Bugs

Symantec, McAfee Patch Privilege Escalation Bugs
All versions of endpoint protection software from both vendors were susceptible to near identical issue, SafeBreach says.

Symantec and McAfee have patched a near identical vulnerability in their respective endpoint protection software that would have made it easier for attackers with prior admin access to a system to create more damage.


In both instances, the flaws were reported by security vendor SafeBreach and stemmed from a lack of signature validation when code was being loaded into certain processes of the respective vendor software.


SafeBreach's analysis shows multiple signed processes in McAfee's endpoint protection software and one service in Symantec's equivalent products attempting to load a dynamic-link library (DLL) from a path that didn't exist.


SafeBreach researchers developed a proof-of-concept exploit showing how an attacker could have exploited that issue to bypass self-defense mechanisms and load an arbitrary, unsigned DLL into processes running ..