12.20.2004

There is a vulnerability with LiveUpdate. Please use LiveUpdate to download a fix.

I hate security updates like this.

From: http://www.securityfocus.com/bid/11873/discussion/

Symantec Windows LiveUpdate is reported prone to a local privilege escalation vulnerability. This issue can allow a local unprivileged attacker to gain administrative privileges on a vulnerable computer. It is reported that this issue only presents itself during an interactive LiveUpdate session. A local attacker may influence the LiveUpdate GUI Internet options configuration functionality in a manner that grants them elevated privileges. This issue affects Windows LiveUpdate on computers running retail versions of Symantec products and Symantec AntiVirus for Handhelds Corporate Edition v3.0.

And the solution: http://www.securityfocus.com/bid/11873/solution/

Symantec has released Windows LiveUpdate 2.5 to address this issue. This version can be automatically installed on vulnerable systems by running LiveUpdate. It is also available for download from the following location: http://www.symantec.com/techsupp/files/lu/lu.html

No comments:

Post a Comment