Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Symantec Patches Antivirus Vulnerability

Symantec on Friday released intrusion prevention system (IPS) signatures that provide protection from a recently discovered vulnerability in its antivirus software that allows remote users to launch worm attacks.

The vulnerability affects Symantec Client Security 3.1 and Symantec AntiVirus Corporate Edition 10.1, and the vendor has released IPS signatures via LiveUpdate for Symantec Client Security that provides protection from future exploits, Symantec confirmed Friday.

The vulnerability was originally discovered on May 24 by researchers from eEye Digital Security. They rated the flaw as highly severe because it doesn't require any user interaction in order to be exploited, making it especially conducive to worm attacks, according to a spokesperson for eEye, Aliso Viejo, Calif.

"As a trend, we are seeing the complexity of software increase and [as a result] the existence of vulnerabilities is pretty prevalent at the application layer," the eEye spokesperson said. "Anytime you have complex software there are going to be vulnerabilities."

"Any software that's Internet-facing and is reachable from the outside is potentially wormable," said Roger Thompson, CTO of Atlanta-based security start-up Exploit Prevention Labs and a longtime security researcher.

  • 1