A security flaw in Symantec products is exposing millions of computers to hacking.

Users of any of Norton or Symantec products should update their software immediately. A list of affected products is below.

Google’s Project Zero security team published an analysis of the flaws on its blog, explaining that they are particularly serious in part because they affect the entire Symantec product line.

“These vulnerabilities are as bad as it gets,” they wrote. “They don’t require any user interaction, they affect the default configuration, and the software runs at the highest privilege levels possible. In certain cases on Windows, vulnerable code is even loaded into the kernel, resulting in remote kernel memory corruption.”

symantec

Symantec is aware of buffer overflow and memory corruption findings in the AntiVirus Decomposer engine used in various configurations by multiple Symantec products.

Affected Enterprise Products

Product

Version

Solution(s)

Advanced Threat Protection (ATP) Updated via definition updates
Symantec Data Center Security:Server (SDCS:S) 6.0
6.0MP1
6.5
6.5MP1
6.6
6.6MP1
Updated via definition updates
Symantec Web Security .Cloud Updated via hosted software update, customer interface not required
Email Security Server .Cloud (ESS) Updated via hosted software update, customer interface not required
Symantec Web Gateway Updated via definition updates
Symantec Endpoint Protection (SEP) 12.1.6 MP4 and prior Update to SEP 12.1 RU6 MP5
Symantec Endpoint Protection for Mac (SEP for Mac) 12.1.6 MP4 and prior All supported product versions updated via LiveUpdateTM
Symantec Endpoint Protection for Linux (SEP for Linux) 12.1.6 MP4 and prior Update to SEP for Linux
12.1 RU6 MP5
Symantec Protection Engine (SPE) 7.0.5 and prior Update to SPE 7.0.5 HF01
For more details please refer the KB link:
https://support.symantec.com/en_US/article.INFO3791.html
7.5.4 and prior SPE 7.5.4 (AWS platform) should update to SPE 7.5.4 HF01
SPE 7.5.3 and prior should Update to SPE 7.5.3 HF03
For more details please refer the KB link:
https://support.symantec.com/en_US/article.INFO3791.html
7.8.0 Update to SPE 7.8.0 HF01
For more details please refer the KB link:
https://support.symantec.com/en_US/article.INFO3791.html
Symantec Protection for SharePoint Servers (SPSS) 6.03 to 6.05 Update to Hotfix:
SPSS_6.0.3_To_6.0.5_HF_1.5
For more details please refer the KB link:
https://support.symantec.com/en_US/article.INFO3795.html
6.0.6 and prior Update to Hotfix:
SPSS_6.0.6_HF_1.6
For more details please refer the KB link:
https://support.symantec.com/en_US/article.INFO3795.html
Symantec Mail Security for Microsoft Exchange (SMSMSE) 7.0.4 and prior Update to Hotfix:
SMSMSE_7.0_3966002_HF1.1
For more details please refer the KB link:
https://support.symantec.com/en_US/article.INFO3794.html
7.5.4 and prior Update to Hotfix:
SMSMSE_7.5_3966008_VHF1.2
For more details please refer the KB link:
https://support.symantec.com/en_US/article.INFO3794.html
Symantec Mail Security for Domino (SMSDOM) 8.0.9 and prior Update to Hotfix:
SMSDOM_8.0.9_HF1.1
For more details please refer the KB link:
https://support.symantec.com/en_US/article.INFO3793.html
8.1.3 and prior Update to Hotfix:
SMSDOM_8.1.3_HF1.2
For more details please refer the KB link:
https://support.symantec.com/en_US/article.INFO3793.html
CSAPI 10.0.4 and prior Update to CSAPI 10.0.4 HF01
Symantec Message Gateway (SMG) SMG 10.6.1-3 and prior Update to SMG 10.6.1-4
Symantec Message Gateway for Service Providers (SMG-SP) 10.6 SMG-SP 10.6, patch 253
10.5 SMG-SP 10.5, patch 254

 

Affected Norton Products

Norton Product Family All Prior to NGC 22.7 Updated through LiveUpdateTM
Norton AntiVirus
Norton Security
Norton Security with Backup
Norton Internet Security
Norton 360
Norton Security for Mac All Prior to 13.0.2
Norton Power Eraser (NPE) All Prior to 5.1 Updated through LiveUpdateTM
Norton Bootable Removal Tool (NBRT) All Prior to 2016.1 New Release available on Download