Wednesday, January 25, 2012

Symantec recommends disabling pcAnywhere, releases hotfix to address 2 vulnerabilities

When is the last time you recall a vendor telling users to stop using one of their products?

Symantec has begun advising users to disable their remote access software, pcAnywhere, unless it’s absolutely needed.

Why? It all stems back to the fact that hackers stole a portion of Symantec’s source code from their servers back in 2006. Since then, Symantec has cautioned that pcAnywhere users faced a “slightly increased security risk” due to the breach.

It seems now that “slightly” is no longer the right word to describe it.

On Wednesday, Symantec released a white paper [PDF] that outlined the security risks associated with pcAnywhere, along with security recommendations and best practices.

Alongside such helpful information, Symantec wrote:
“At this time, Symantec recommends disabling the product until Symantec releases a final set of software updates that resolve currently known vulnerability risks. For customers that require pcAnywhere for business critical purposes, it is recommended that customers understand the current risks, ensure pcAnywhere 12.5 is installed, apply all relevant patches as they are released, and follow the general security best practices discussed herein.”

If you need them, here are instructions on how to disable pcAnywhere.

Can’t go without pcAnywhere? Patch it & stick to the security guidelines


If you absolutely must use pcAnywhere, it’s strongly recommended that you use the most recent (and supported) version of pcAnywhere, apply any patches or updates and follow Symantec’s guide for best security practices.

Just yesterday, Symantec issued a security advisory and corresponding hotfix to address critical vulnerabilities.

The two security risks listed in the security advisory are remote code execution and local access file tampering; the latter would allow an attacker to elevate their file privilege.

“The remote code execution is the result of not properly validating/filtering external data input during login and authentication with Symantec pcAnywhere host services on 5631/TCP,” the advisory explains. “Successful exploitation would require either gaining unauthorized network access or enticing an authorized network user to run malicious code against a targeted system. Results could be a crash of the application or possibly successful arbitrary code execution in the context of the application on the targeted system.”

As far as the file tampering security risk goes, some files installed by pcAnywhere are writable by everyone and susceptible to file tampering, which leaves the door open for an attacker to overwrite the files to gain elevated privileges. However, it should be noted that the attacker would already need access to a vulnerable system to accomplish this.
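
A defensive check for the two issues described above, added here as an example (it is not from Symantec's advisory or the original post): the PowerShell script reports any listener on 5631/TCP and lists files or folders under the install directory that Everyone, Authenticated Users or BUILTIN\Users can modify. The install path is an assumption, and deny ACEs are ignored, so treat each hit as something to review.

```powershell
# Added example, not from the post or from Symantec.
# $InstallDir is an assumed path; point it at the actual pcAnywhere install folder.
param([string]$InstallDir = 'C:\Program Files (x86)\Symantec\pcAnywhere')

# Well-known SIDs: Everyone, Authenticated Users, BUILTIN\Users
$BroadSids = @('S-1-1-0', 'S-1-5-11', 'S-1-5-32-545')

# Rights that let a principal alter content, delete the item, or rewrite its ACL/owner.
# On folders, WriteData/AppendData mean "create files" / "create subfolders".
$Risky = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, ChangePermissions, TakeOwnership'
$InheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly
$SidType = [System.Security.Principal.SecurityIdentifier]

function Get-BroadWritableItem {
    param([Parameter(Mandatory)][string]$Path)
    Get-ChildItem -LiteralPath $Path -Recurse -Force -ErrorAction SilentlyContinue | ForEach-Object {
        $item = $_
        try { $acl = Get-Acl -LiteralPath $item.FullName -ErrorAction Stop } catch { return }
        # Ask for SIDs instead of names so the check works on localized systems
        foreach ($ace in $acl.GetAccessRules($true, $true, $SidType)) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            if ($ace.PropagationFlags -band $InheritOnly) { continue }  # not applied to this item
            if ($BroadSids -notcontains $ace.IdentityReference.Value) { continue }
            if ($ace.FileSystemRights -band $Risky) {
                [pscustomobject]@{
                    Path   = $item.FullName
                    Sid    = $ace.IdentityReference.Value
                    Rights = $ace.FileSystemRights
                }
            }
        }
    }
}

# Is anything listening on the host port named in the advisory (5631/TCP)?
# Get-NetTCPConnection requires Windows 8 / Server 2012 or later.
$listeners = Get-NetTCPConnection -LocalPort 5631 -State Listen -ErrorAction SilentlyContinue
if ($listeners) {
    $listeners | Format-Table LocalAddress, LocalPort, OwningProcess -AutoSize
} else { 'No listener on 5631/TCP' }

if (Test-Path -LiteralPath $InstallDir) {
    Get-BroadWritableItem -Path $InstallDir | Sort-Object Path | Format-Table -AutoSize
} else { "Install directory not found: $InstallDir" }
```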

Although there hasn’t been any evidence that these vulnerabilities are being exploited in the wild, Symantec is not taking any chances and urges pcAnywhere users to install a hotfix in order to patch the holes. The patch can be applied either manually or automatically via LiveUpdate.

The affected products are Symantec pcAnywhere 12.5.x, IT Management Suite 7.0 pcAnywhere Solution 12.5x, and IT Management Suite 7.1 pcAnywhere Solution 12.6.x.
