Software designed to detect and remove malicious code from a customer network has a number of serious vulnerabilities that could actually lead to the very compromise its meant to protect against, according to an alert from the U.S. Computer Emergency Readiness Team (US-CERT).
Researchers from US-CERT — Homeland Security's vulnerability research and information dissemination arm — posted an alert on July 5 warning users of Symantec and Norton antivirus of critical vulnerabilities in the software packages that could allow an attacker to take control of an infected computer.
The alert details eight unique exploits, each of which has the potential to wreak havoc on a system.
"Symantec and Norton branded antivirus products contain multiple vulnerabilities," the alert states. "Some of these products are in widespread use throughout government and industry."
A cursory look through the Federal Procurement Data System shows Symantec Corp. has signed more than 1,400 contracts with federal agencies over the last 15 years and at least 14 so far in 2016. Those figures only include instances where Symantec was the prime vendor and don't cover contracts where Symantec products are part of a larger package.
"The large number of products affected (24 products), across multiple platforms (OSX, Windows and Linux) and the severity of these vulnerabilities (remote code execution at root or SYSTEM privilege) make this a very serious event," US-CERT researchers wrote in the alert. "A remote, unauthenticated attacker may be able to run arbitrary code at root or SYSTEM privileges by taking advantage of these vulnerabilities."
"Some of the vulnerabilities require no user interaction and are network-aware," researchers added, noting this "could result in a wormable-event," in which the malware begins to self-replicate and spread to other networked computers.
Symantec released two security advisories that include patches and hotfixes for all eight vulnerabilities.
"US-CERT encourages users and network administrators to patch Symantec or Norton antivirus products immediately," researchers said. "While there has been no evidence of exploitation, the ease of attack, widespread nature of the products and severity of the exploit may make this vulnerability a popular target."
Aaron Boyd is an awarding-winning journalist currently serving as editor of Federal Times — a Washington, D.C. institution covering federal workforce and contracting for more than 50 years — and Fifth Domain — a news and information hub focused on cybersecurity and cyberwar from a civilian, military and international perspective.