Windows 10: Symantec won't patch 'catastrophic' security flaws until mid-July

Page 1 of 2 12 LastLast

  1. Posts : 85
    Windows 10, 64 bit
       07 Jul 2016 #1

    Symantec won't patch 'catastrophic' security flaws until mid-July


    Symantec admits it won't patch 'catastrophic' security flaws until mid-July

    SECURITY OUTFIT Symantec has warned customers that security flaws in the firm's systems outed by Google's Project Zero last month won't be fixed until mid-July.
    Patches were rushed out to cover some of the "as bad as it gets" flaws identified by Project Zero, but patches to secure the fundamental architectural flaws are still some weeks away.
    Symantec admits it won't patch 'catastrophic' security flaws until mid-July | TheINQUIRER
      My ComputerSystem Spec

  2.    07 Jul 2016 #2

    This kind of thing is one of the reasons why I won't ever install Symantec software on any of my PCs.
      My ComputersSystem Spec

  3.   My ComputerSystem Spec


  4. Posts : 74
    Windows 10 Pro x64 V1607 b14393
       08 Jul 2016 #4

    Way to go Symantec. I now regret having used your software for nearly a decade with another 2 years to go before my NS subscription expires. Talk about a rude awakening! Time to look for something new.

    PS - Just remembered I have current subscriptions to BD Total Security & Kaspersky Internet Security. Thing is, are these safe or do they have security holes?
      My ComputerSystem Spec


  5. Posts : 85
    Windows 10, 64 bit
    Thread Starter
       08 Jul 2016 #5

    Probably all security products have security holes. It's just a matter of when they are discovered and how long it takes to get patched.
      My ComputerSystem Spec


  6. Posts : 85
    Windows 10, 64 bit
    Thread Starter
       08 Jul 2016 #6

    Symantec - the popular computer protector - may actually help hackers, feds warn

    ...Computer security experts have long voiced concerns that cybersecurity software is riddled with flaws. Researchers often focus lots of attention to spot mistakes in popular computer programs, but they devote little time to strengthening the popular software used as protection.

    Symantec is no exception.
    "By installing their software you're actually making yourself less secure. There's an irony in that," said Jack Daniel, a computer security expert in Massachusetts.
    Symantec said it has not yet seen hackers exploiting these bugs to enter people's computers. But in the computer world, that could mean that no one's been caught.
    Symantec - the popular computer protector - may actually help hackers, feds warn - Jul. 7, 2016
      My ComputerSystem Spec

  7.    08 Jul 2016 #7

    PaulGo said: View Post
    Probably all security products have security holes. It's just a matter of when they are discovered and how long it takes to get patched.
    I totally agree. All security programs have to constantly update to keep up with all the security risk. It's a never ending cycle.
      My ComputerSystem Spec

  8.    09 Jul 2016 #8

    "Symantec Response

    Symantec has verified these issues and addressed them in product updates as identified in the solution portion of the affected products matrix above. We have also added additional checks to our Secure Development LifeCycle to mitigate similar issues in future.


    Symantec is not aware of these vulnerabilities being exploited in the wild.


    To fully mitigate the identified vulnerabilities, Symantec recommends applying the required patches to the affected products as soon as possible. This is the only means to ensure that installed products cannot be exploited. Symantec has released the following list of AV signatures in an effort to block/detect attempts at exploitation.


    Vulnerabilities

    Signatures

    LiveUpdate rev.


    RAR decompression memory access violation

    EXP.CVE-2016-2207

    20160628.037


    Dec2SS buffer overflow

    EXP.CVE-2016-2209

    20160628.037


    Dec2LHA buffer overflow

    EXP.CVE-2016-2210

    20160628.037


    CAB decompression memory corruption

    EXP.CVE-2016-2211

    20160628.037


    MIME message modification memory corruption

    EXP.CVE-2016-3644

    20160628.037


    TNEF integer overflow

    EXP.CVE-2016-3645

    20160628.037


    ZIP decompression memory access violation

    EXP.CVE-2016-3646

    20160628.037



    Update Information
    All Norton products have been updated through LiveUpdateTM. Customers of Symantec Enterprise products should check the chart below to determine which products have been updated automatically and which require product updates."

    The way I read this is that Symantec has already addressed and fixed the problem.
      My ComputerSystem Spec

  9.    09 Jul 2016 #9

    Not that I worry but since using windows 10, I have not been able to install and run for more than a week any 3rd party antivirus without defender kicking up not letting updates through, so I have just accepted that and keep defender and paid for malwarebyghtes, cant do with the hassle of fighting Microsoft..
      My ComputerSystem Spec


  10. Posts : 85
    Windows 10, 64 bit
    Thread Starter
       09 Jul 2016 #10

    From my reading of this Symantec has addressed most of the problems but the major one on the workstations has yet to be addressed:

    "The cloud-based versions of Symantec's Endpoint Protection Small Business Edition will finally be updated this week, but users of the workstation versions will have to wait weeks."
      My ComputerSystem Spec


 
Page 1 of 2 12 LastLast

Related Threads
Read more: Microsoft to change location of some security updates as of May Patch Tuesday | ZDNet
Adobe updates Flash Player to resolve 79 security flaws Adobe has pushed out an updated version of Flash Player that resolves a total of 79 security flaws in its last security update of the year. The release addresses critical...
Dell, Toshiba, and Lenovo PCs at risk of bloatware security flaws in AntiVirus, Firewalls and System Security
Dell, Toshiba, and Lenovo PCs at risk of bloatware security flaws | ZDNet
Read more: http://news.softpedia.com/news/living-on-the-edge-25-security-flaws-found-in-microsoft-s-internet-explorer-496012.shtml?utm_content=buffer5228b&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
Read more: http://news.softpedia.com/news/security-flaws-found-in-google-chromecast-home-security-systems-smart-coffee-makers-495864.shtml#sgal_1
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 19:30.
Find Us