
Symantec Releases Raft Of Security, Storage Fixes

By Kevin McLaughlin, CRN
June 05, 2007    6:11 PM ET

In the past week, Symantec has patched several vulnerabilities affecting its storage and System Center security management products.

Last Friday, Symantec patched a critical flaw in Storage Foundation for Windows version 5.0, an application for managing online storage systems.

Miscreants could exploit the glitch to bypass authentication to Storage Foundation's management console, which could allow them to infect client PCs with malicious code via the software's scan scheduling service, Symantec said in a Deepsight Threat Management System bulletin.

Symantec Deepsight gave the vulnerability its highest severity rating, 10 out of 10, but noted that the scheduling service isn't normally exposed to unauthorized hosts, which means an attacker would need to have local access to the network in order to take advantage.

Symantec also fixed a denial of service vulnerability affecting the Windows and Unix versions of its Veritas Volume Replicator software, to which it assigned a severity rating of 6.7 out of 10.

On Monday, Cupertino, Calif.-based Symantec patched a pair of flaws in Reporting Server, a web application that companies use in conjunction with the vendor's System Center console to generate reports for the Symantec Client Security and Antivirus products installed on their networks.

The more serious of the two is a remote privilege escalation flaw that could give attackers the ability to cobble together export data to create a malicious executable, according to a Tuesday Symantec Deepsight bulletin, which assigned a severity score of 8.9 on a 10-point scale to the flaw.

Symantec Deepsight gave a severity score of 7.8 to a separate vulnerability affecting the software's authentication mechanism that could allow hackers to gain access to the reporting database without logging in.

