[Micronet] Serious security vulnerability affecting SEP 11


[Micronet] Serious security vulnerability affecting SEP 11

Allison Henry

Micronetters,

On Nov 5, US-CERT announced a serious vulnerability affecting the
Symantec Antivirus scan engine used by Symantec Endpoint Protection
(SEP) v11:

http://www.kb.cert.org/vuls/id/985625

Symantec's response was released today:

http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20121107_00

The advisory indicates that all versions of SEP 11.0 and SEP 12.0 are
affected. The "solutions" they provide in the advisory include:

1. Workaround: Disable AV scanning of CAB files
2. Update to SEP 12.1

The Berkeley Security website has been updated with SEP 12.1 clients
and Administrator software only. Please note these are not customized
clients and do not report to the central SEP management console.
Clients supporting Windows 8 and Mac OS X 10.8 are not yet available
from Symantec.

We are posting many more details and discussion on the UCB-Security
mailing list, so please follow the discussion and post any questions
about it there. I will make another Micronet announcement when we have
more recommendations for dealing with this issue. Thanks all,

--
Allison Henry
System and Network Security
University of California, Berkeley
http://security.berkeley.edu

 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.

Re: [Micronet] Serious security vulnerability affecting SEP 11

Mike Friedman
On 2012-11-07 17:33, Allison Henry wrote:

> The Berkeley Security website has been updated with SEP 12.1 clients
> and Administrator software only. Please note these are not customized
> clients and do not report to the central SEP management console.

Allison,

I upgraded my SEP client to 12.1 on my home Windows 7 machine and now I notice that it does apparently communicate with the SNS management console.  At least the little green dot shows on the SEP icon once I'm connected to the campus VPN.  Does that mean this version (that I downloaded yesterday from software-central.berkeley.edu) actually is customized?

Mike


-- 
Mike Friedman
[hidden email]
http://mikefberkeley.com



 

Re: [Micronet] Serious security vulnerability affecting SEP 11

Allison Henry
On 11/9/2012 8:26 PM, Mike Friedman wrote:

> I upgraded my SEP client to 12.1 on my home Windows 7 machine and now I
> notice that it /does/ apparently communicate with the SNS management
> console.  At least the little green dot shows on the SEP icon once I'm
> connected to the campus VPN.  Does that mean this version (that I
> downloaded yesterday from software-central.berkeley.edu) actually /is/
> customized?

Hi Mike, the installers now posted are not customized and are just a
ZIP of what is on the admin CD. However, if you perform an upgrade
over an existing SEP11 install, all settings including management
console connectivity, will be retained. If you want to install SEP12.1
with the default settings and no management console connectivity, you
can uninstall your current SEP, reboot, then run the SEP12 installer.
Otherwise, there's no harm in leaving the management console settings in.

--
Allison Henry
System and Network Security
University of California, Berkeley
http://security.berkeley.edu

 

Re: [Micronet] Serious security vulnerability affecting SEP 11

Mike Friedman
On 2012-11-10 14:55, Allison Henry wrote:

> On 11/9/2012 8:26 PM, Mike Friedman wrote:
>
>> I upgraded my SEP client to 12.1 on my home Windows 7 machine and now I
>> notice that it /does/ apparently communicate with the SNS management
>> console.  At least the little green dot shows on the SEP icon once I'm
>> connected to the campus VPN.  Does that mean this version (that I
>> downloaded yesterday from software-central.berkeley.edu) actually /is/
>> customized?
> Hi Mike, the installers now posted are not customized and are just a
> ZIP of what is on the admin CD. However, if you perform an upgrade
> over an existing SEP11 install, all settings including management
> console connectivity, will be retained. If you want to install SEP12.1
> with the default settings and no management console connectivity, you
> can uninstall your current SEP, reboot, then run the SEP12 installer.
> Otherwise, there's no harm in leaving the management console settings in.

Allison,

I have no problem with the way it is.  I was just curious about what
appeared to be a discrepancy in behavior from what you had said.  Yes, I
did an upgrade, so that explains it.

Thanks.

Mike

--
Mike Friedman
[hidden email]
http://mikefberkeley.com


 