Symantec endpoint protection. Update now!

Following Google Project Zero’s Tavis Ormandy’s How to Compromise the Enterprise Endpoint post last Tuesday, Symantec have advised everyone using their products to update them immediately.

There is a US-CERT alert here, and Symantec’s own advisory here.

What does this actually mean?

Several of the issues resolved in the updates have a potential consequence of remote code execution. Some even look worm’able.

Even sending code by email to a recipient in an organisation where Symantec products scan attachments may result in a back door.

To give you an idea of the severity of the issues this is what one commentator on Hacker News had to say:

As @johnwineman so eloquently put it: