Symantec Endpoint Protection COM Hijacking Vulnerability

Vulnerability

A COM hijacking vulnerability has been identified in Symantec Endpoint Protection (SEP) Windows Client, affecting versions prior to 14.3 RU10 Patch 1, RU9 Patch 2, and RU8 Patch 3. This vulnerability allows an attacker to establish persistence and evade detection by hijacking COM references in the Windows Registry.

Impact

Exploitation of this vulnerability could lead to unauthorized persistence on the system, allowing an attacker to evade detection.

Remediation

Users can upgrade to Symantec Endpoint Protection 14.3 RU10 (14.3.12167.10000), 14.3 RU9 (14.3.11237.9000), or 14.3 RU8 (14.3.10178.8000). The latest releases and patches are available through normal support channels. Versions 14.3 RU10 and 14.3 RU9 can be obtained via Symantec LiveUpdate for Cloud-Managed and On-Premise customers. The 14.3 RU8 update is available through LiveUpdate to the Symantec Endpoint Protection Manager.

Added: Jan 28, 2026, 5:26 PM
Updated: Jan 28, 2026, 5:26 PM

Vulnerability Rating

Custom Algorithm
spread: 7.8
impact: 2.5
exploitability: 2.9
remediation: 7.9
relevance: 2.4
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.