Symantec Decomposer Engine Multiple Parsing Vulnerabilities
Just a quick note to Info Tech Service Providers and IT Service Desk Teams to make you aware of a recent announcement by Symantec and US-CERT about a vulnerability with the Symantec Decomposer Engine.
Overview
According to Symantec, parsing of maliciously-formatted container files may cause memory corruption, integer overflow or buffer overflow in Symantec’s Decomposer engine. Successful exploitation of these vulnerabilities typically results in an application-level denial of service but could result in arbitrary code execution. An attacker could potentially run arbitrary code by sending a specially crafted file to a user.
Solution
This issue was resolved via a maintenance patch release to the Symantec Endpoint Protection (SEP) client software for Microsoft Windows OS. Windows SEP clients updated to at least version 12.1.7004.6500 (aka 12.1.6 MP5) will be protected against this vulnerability.
How can I verify that my client has been patched?
Any Symantec Endpoint Protection (SEP) client running version 12.1.7004.6500 has already received this update. Marshall University has updated our campus software distribution points to make this latest release available via background update to all currently managed clients. The update will require a reboot of the client computer in order to complete the upgrade process.
The IT Information Security team will be working with the IT Service Desk team to identify and remediate any SEP clients with out-of-date software versions. Please report any unresolved background update issues via MU Support ticket or an e-mail to itservicedesk@marshall.edu.
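For teams triaging an inventory export against the patched build named above, the following is an added example, not Marshall University or Symantec tooling. The CSV column names and host rows are constructed, and treating a pending reboot on an older build as a staged upgrade is an assumption.

```python
import csv
import io

# Minimum patched SEP client build, taken from the notice above.
MIN_PATCHED = (12, 1, 7004, 6500)

# Constructed sample inventory export; column names and rows are assumptions.
SAMPLE_INVENTORY = """hostname,sep_version,reboot_pending
LAB-PC-01,12.1.7004.6500,no
LAB-PC-02,12.1.6000.100,no
LAB-PC-03,12.1.6000.100,yes
LAB-PC-04,12.1.10000.1,no
LAB-PC-05,,no
LAB-PC-06,12.1.7004,no
"""

def parse_version(text):
    """Return a 4-tuple of ints, or None if the string is not a four-part build."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def classify(version_text, reboot_pending):
    """Classify one client relative to MIN_PATCHED."""
    version = parse_version(version_text)
    if version is None:
        return "unknown"        # missing or malformed: needs a manual check
    if version >= MIN_PATCHED:  # numeric compare; a string compare misorders 10000 vs 7004
        return "patched"
    if reboot_pending:
        return "needs-reboot"   # assumption: upgrade is staged and completes on restart
    return "outdated"

def triage(csv_text):
    """Map hostname -> status for every row of the inventory export."""
    results = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        pending = row["reboot_pending"].strip().lower() == "yes"
        results[row["hostname"]] = classify(row["sep_version"], pending)
    return results

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as "unknown" or "outdated" are the ones to follow up on; "needs-reboot" hosts should be rechecked after a restart.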
Reference Links
- Security Advisories Relating to Symantec Products – Symantec Decomposer Engine Multiple Parsing Vulnerabilities
https://support.symantec.com/en_US/article.ALERT2047.html
https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160628_00
- Symantec Releases Security Update
https://www.us-cert.gov/ncas/current-activity/2016/06/29/Symantec-Releases-Security-Updates
Symantec has released security updates to address vulnerabilities in multiple products. Exploitation of some of these vulnerabilities may allow an attacker to take control of an affected system and cause a denial-of-service condition. Users and administrators are encouraged to review Symantec Security Advisories SYM16-010 and SYM16-011 and apply the necessary updates.
Thank you for your continued attention to information security,
Jon B. Cutler, MS, CISSP
Chief Information Security Officer
Marshall University, Division of Information Technology
Drinko Library 324, 1 John Marshall Drive, Huntington, WV 25755
Phone: 304-696-3270, @joncutler | BeHerd Feedback
http://www.marshall.edu/InfoSec