Symantec Endpoint Protection recently fixed a local privilege escalation security flaw influencing all software variants before 14.2 RU2 by enabling attackers to raise benefits on undermined devices and execute noxious code utilizing SYSTEM privileges.
Security researcher Peleg Hadar was the person who discovered the Symantec Endpoint Protection LPE bug and shockingly this isn't the first time when a security local privilege escalation issue was reported to a security vendor.
The Symantec Endpoint Protection LPE bug currently tracked as CVE-2019-12758 requires potential attackers to have Administrator privileges to effectively exploit the issue to Hadar. While the danger level of this vulnerability isn't immediately evident, such bugs are normally evaluated with medium and high 'severity' CVSS 3.x base scores.
As indicated by Hadar, attackers misuse DLL search-order hijacking issues, such as this as part multi-stage attacks in the wake of penetrating a target's machine to 'elevate permissions' in order to additionally compromise the device.
“The vulnerability gives attackers the ability to load and execute malicious payloads within the context of a Symantec’s signed process," Hadar states. Symantec albeit effectively tended to the LPE vulnerability in the Symantec Endpoint protection 14.2 RU2 release issued on October 22, 2019.
In any case he further specified that that misuse of the CVE-2019-12758 bug on machines running 'vulnerable' adaptations of Symantec Endpoint Protection could likewise make it feasible for attackers to load and dispatch malevolent code each time the Symantec administrations are loaded on the system, picking up 'persistence' between system reboots.