Symantec product engineers verified the reported issues.ĭepending on the nature of the link it is possible for the URL to execute arbitrary html requests and scripts in the context of the targeted user Because both cross-site scripting and cross-site request forgery are trust exploitations, they generally require enticing a previously authenticated user to click on a link in a context such as a website or in an email.Ī successful exploitation of these issues is possible once a properly authenticated user clicks on a specially crafted link. Symantec engineers fixed the issues in Symantec Endpoint Protection 12.1 RU1. Updates will be available through customers' normal support/download locations.Īs part of normal best practices, Symantec strongly recommends: Symantec knows of no exploitation of or adverse customer impact from these issues. Restrict access to administration or management systems to privileged users. Restrict remote access, if required, to trusted/authorized systems only. Run under the principle of least privilege where possible to limit the impact of exploit by threats. Keep all operating systems and applications updated with the latest vendor patches.įollow a multi-layered approach to security.
This may aid in detection of attacks or malicious activity related to exploitation of latent vulnerabilities Run both firewall and anti-malware applications, at a minimum, to provide multiple points of detection and protection to both inbound and outbound threats.ĭeploy network and host-based intrusion detection systems to monitor network traffic for signs of anomalous or suspicious activity. #DOWNLOAD SYMANTEC ENDPOINT PROTECTION MANAGER CONSOLE 12.1 CODE#.
0 kommentar(er)
