Symantec Releases security update

Number: AV16-106
Date: 29 June 2016

Purpose

The purpose of this advisory is to bring attention to the recently released Symantec security updates.

Assessment

Symantec has released a Security Advisory to address critical vulnerabilities that could allow a remote attacker to execute arbitrary code on affected systems.

Affected software versions:

  • Advanced Threat Protection (ATP)
  • Symantec Data Center Server (SDCS:SA) versions 6.5 MP1 and 6.6 MP1
  • Symantec Critical System Protection (SCSP) version 5.2.9 MP6
  • Symantec Embedded Systems Critical System Protection (SES:CSP) versions 1.0 MP5 and 6.5.0 MP1
  • Symantec Web Security .Cloud
  • Email Security Server .Cloud (ESS)
  • Symantec Web Gateway
  • Symantec Endpoint Protection (SEP) versions 12.1.6 MP4 and prior
  • Symantec Endpoint Protection for Mac (SEP for Mac) versions 12.1.6 MP4 and prior
  • Symantec Endpoint Protection for Mac (SEP for Mac) versions 12.1.6 MP4 and prior
  • Symantec Endpoint Protection for Linux (SEP for Linux) versions 12.1.6 MP4 and prior
  • Symantec Protection Engine (SPE) versions 7.0.5 and prior, and 7.5.4 and prior (AWS platform)
  • Symantec Protection for SharePoint Servers (SPSS) versions 6.03 to 6.05, and 6.0.6 and prior
  • Symantec Mail Security for Microsoft Exchange (SMSMSE) versions 7.0.4 and prior, and 7.5.4 and prior
  • Symantec Mail Security for Domino (SMSDOM) versions 8.0.9 and prior, and 8.1.3 and prior
  • CSAPI versions 10.0.4 and prior
  • Symantec Message Gateway (SMG) versions 10.6.1-3 and prior
  • Symantec Message Gateway for Service Providers (SMG-SP) versions 10.5 and 10.6
  • Norton AntiVirus prior to NGC 22.7
  • Norton Security prior to NGC 22.7
  • Norton Security with Backup prior to NGC 22.7
  • Norton Internet Security prior to NGC 22.7
  • Norton 360 prior to NGC 22.7
  • Norton Security for Mac prior to 13.0.2
  • Norton Power Eraser (NPE) prior to 5.1
  • Norton Bootable Removal Tool (NBRT) prior 2016.1

CVE References: CVE-2016-2207, CVE-2016-2209, CVE-2016-2210, CVE-2016-2211, CVE-2016-3644, CVE-2016-3645, CVE-2016-3646

Suggested Action

CCIRC recommends that system administrators test and deploy the vendor-released updates to affected applications accordingly.

References:

https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160628_00

Date modified: