Symantec Endpoint Protection (14 MP1, 14 MP2, 14 RTM, 14 RU1, 14 RU1 MP1, 14 RU1 MP1a, 14 RU1 MP1b, 14 RU1 MP2, 14 RU1a, 14.0 MP2a, 14.2, 14.2 MP1, 14.2 RU1, 14.2 RU1 MP1, 14.2 RU2, 14.2 RU2 MP1, 14.3, 14.3 RU1), Data Center Security (versions before 6.9.1) and Cloud Workload Protection (before 1.6.1) have been identified as vulnerable to an uncaught exception that can allow an attacker running locally to crash a driver and cause a service interruption on the machine.
Vulnerable software versions
Symantec Endpoint Protection: 14 MP1, 14 MP2, 14 RTM, 14 RU1, 14 RU1 MP1, 14 RU1 MP1a, 14 RU1 MP1b, 14 RU1 MP2, 14 RU1a, 14.0 MP2a, 14.2, 14.2 MP1, 14.2 RU1, 14.2 RU1 MP1, 14.2 RU2, 14.2 RU2 MP1, 14.3, 14.3 RU1
Data Center Security (DCS) Windows Agent: before 6.9.1
Cloud Workload Protection (CWP) Windows Client: before 1.6.1
An uncaught exception is a type of software defect where an error situation isn't handled gracefully and can cause unexpected behaviors. In the case of this report, an attacker can deliberately inject bad information into a DCS/CWP driver that causes it to crash and potentially crashes the machine.
Note: This is not a remote code execution vulnerability. The attacker must be running the code locally and must already be authenticated.
Install the latest build of the affected product. New versions contain a fix for this defect.
SEP : Upgrade to 14.3 RU1 MP1 (or later)
**Note: This issue only impacts SEP if it is managed by ICDm or has connected to an ICDm-connected SEPM
DCS : Upgrade to 6.9.1
**Note: This issue only impacts the DCS agent if Intrusion Prevention is enabled. Prevention policy enforcement mitigates the issue.
CWP : Upgrade to 1.6.1