A security flaw in Symantec products is exposing millions of computers to hacking.
Users of any of Norton or Symantec products should update their software immediately. A list of affected products is below.
Google’s Project Zero security team published an analysis of the flaws on its blog, explaining that they are particularly serious in part because they affect the entire Symantec product line.
“These vulnerabilities are as bad as it gets,” they wrote. “They don’t require any user interaction, they affect the default configuration, and the software runs at the highest privilege levels possible. In certain cases on Windows, vulnerable code is even loaded into the kernel, resulting in remote kernel memory corruption.”
Symantec is aware of buffer overflow and memory corruption findings in the AntiVirus Decomposer engine used in various configurations by multiple Symantec products.
Affected Enterprise Products
Product |
Version |
Solution(s) |
Advanced Threat Protection (ATP) | Updated via definition updates | |
Symantec Data Center Security:Server (SDCS:S) | 6.0 6.0MP1 6.5 6.5MP1 6.6 6.6MP1 |
Updated via definition updates |
Symantec Web Security .Cloud | Updated via hosted software update, customer interface not required | |
Email Security Server .Cloud (ESS) | Updated via hosted software update, customer interface not required | |
Symantec Web Gateway | Updated via definition updates | |
Symantec Endpoint Protection (SEP) | 12.1.6 MP4 and prior | Update to SEP 12.1 RU6 MP5 |
Symantec Endpoint Protection for Mac (SEP for Mac) | 12.1.6 MP4 and prior | All supported product versions updated via LiveUpdateTM |
Symantec Endpoint Protection for Linux (SEP for Linux) | 12.1.6 MP4 and prior | Update to SEP for Linux 12.1 RU6 MP5 |
Symantec Protection Engine (SPE) | 7.0.5 and prior | Update to SPE 7.0.5 HF01 For more details please refer the KB link: https://support.symantec.com/en_US/article.INFO3791.html |
7.5.4 and prior | SPE 7.5.4 (AWS platform) should update to SPE 7.5.4 HF01 SPE 7.5.3 and prior should Update to SPE 7.5.3 HF03 For more details please refer the KB link: https://support.symantec.com/en_US/article.INFO3791.html |
|
7.8.0 | Update to SPE 7.8.0 HF01 For more details please refer the KB link: https://support.symantec.com/en_US/article.INFO3791.html |
|
Symantec Protection for SharePoint Servers (SPSS) | 6.03 to 6.05 | Update to Hotfix: SPSS_6.0.3_To_6.0.5_HF_1.5 For more details please refer the KB link: https://support.symantec.com/en_US/article.INFO3795.html |
6.0.6 and prior | Update to Hotfix: SPSS_6.0.6_HF_1.6 For more details please refer the KB link: https://support.symantec.com/en_US/article.INFO3795.html |
|
Symantec Mail Security for Microsoft Exchange (SMSMSE) | 7.0.4 and prior | Update to Hotfix: SMSMSE_7.0_3966002_HF1.1 For more details please refer the KB link: https://support.symantec.com/en_US/article.INFO3794.html |
7.5.4 and prior | Update to Hotfix: SMSMSE_7.5_3966008_VHF1.2 For more details please refer the KB link: https://support.symantec.com/en_US/article.INFO3794.html |
|
Symantec Mail Security for Domino (SMSDOM) | 8.0.9 and prior | Update to Hotfix: SMSDOM_8.0.9_HF1.1 For more details please refer the KB link: https://support.symantec.com/en_US/article.INFO3793.html |
8.1.3 and prior | Update to Hotfix: SMSDOM_8.1.3_HF1.2 For more details please refer the KB link: https://support.symantec.com/en_US/article.INFO3793.html |
|
CSAPI | 10.0.4 and prior | Update to CSAPI 10.0.4 HF01 |
Symantec Message Gateway (SMG) | SMG 10.6.1-3 and prior | Update to SMG 10.6.1-4 |
Symantec Message Gateway for Service Providers (SMG-SP) | 10.6 | SMG-SP 10.6, patch 253 |
10.5 | SMG-SP 10.5, patch 254 |
Affected Norton Products
Norton Product Family | All Prior to NGC 22.7 | Updated through LiveUpdateTM |
Norton AntiVirus | ||
Norton Security | ||
Norton Security with Backup | ||
Norton Internet Security | ||
Norton 360 | ||
Norton Security for Mac | All Prior to 13.0.2 | |
Norton Power Eraser (NPE) | All Prior to 5.1 | Updated through LiveUpdateTM |
Norton Bootable Removal Tool (NBRT) | All Prior to 2016.1 | New Release available on Download |