• All Community
    • All Community
    • Forums
    • Ideas
    • Blogs
Advanced

Not what you are looking for? Ask the experts!

Kudos0

Norton Products "seriously compromised" July 2016

Having just been defending Norton elsewhere, my confidence was dented when, in reply to my defence, I was given these two links about an alleged major issue with all Norton products last July:

http://fortune.com/2016/06/29/symantec-norton-vulnerability/

https://isc.sans.edu/diary/Critical+Symantec+Endpoint+Protection+Vulnerability/21209

This sentence in the second link has confused me: "You will need to update the actual Symantec product, which is different from performing a signature update (the signature update happens automatically)".

I have no doubt that Norton will have quickly dealt with the problems but as I don't remember any publicity here (and I have searched) I've no idea which way I updated my products. Need I check anything? Was the Identity Safe affected?

Win10 Home v1803 build 17134.345/HP envy/EDGE (rubbish)/IE11 (RIP)11.285.17134.0/ OFFICE 365 Home Personal/Norton Security

Replies

Kudos1 Stats

Re: Norton Products "seriously compromised" July 2016

Please check the link below and scroll down to Norton products. All versions prior to 22.7 were affected. You can check you version under "help-->about" .Latest version is 22.9.1.12 https://www.symantec.com/security_response/securityupdates/detail.jsp?fi...

You can find Symantec vulnerability advisories below https://www.symantec.com/security_response/securityupdates/list.jsp?fid=...
Kudos1 Stats

Re: Norton Products "seriously compromised" July 2016

Taffy_078:  I have no doubt that Norton will have quickly dealt with the problems but as I don't remember any publicity here (and I have searched) [..].

for example > https://community.norton.com/en/search/site/SYM16-010 

Kudos1 Stats

Re: Norton Products "seriously compromised" July 2016

Taffy_078:

...This sentence in the second link has confused me: "You will need to update the actual Symantec product, which is different from performing a signature update (the signature update happens automatically)".

I have no doubt that Norton will have quickly dealt with the problems but as I don't remember any publicity here (and I have searched) I've no idea which way I updated my products. Need I check anything? Was the Identity Safe affected?

Hi Taffy_078:

You might want to read RLWA32's thread Support of NIS 21.7.0.11 Discontinued since Tony Weiss participated in that thread.  The patch was applied with little fanfare when Norton v22.6 users were updated to v22.7 via an Automatic LiveUpdate back in June 2016.  There was no mention of these SYM16-010 vulnerabilities in the What's New section of the Norton 22.7 Product Update available now announcement and no official announcement pinned in the Norton forum, but the most egregious omission was that Symantec failed to warn Norton v21.x users that they would have to upgrade to v22.x in order to be protected.

To add insult to injury, machines with older CPUs that do not support the SSE2 instruction set can't be upgraded from v21.x to v22.x per the support article Message: "An unsupported processor has been detected. This version of the product requires a processor that supports the SSE2 instruction set…" appears when I install my Norton product.  Symantec's decision not to patch v21.7.0.11 for the vulnerabilities listed in security advisory SYM16-010 means that Norton v21 users are still receiving daily definition updates via LiveUpdate but may not know that their scan engine was never patched for these vulnerabilities.  The SSE2 issue was raised several times in RLWA32's thread and Symantec repeatedly ignored those concerns.
------------
32-bit Vista Home Premium SP2 * Firefox ESR v52.0.2 * NIS v22.9.1.12 * MBAM Premium v2.2.1

Kudos0

Re: Norton Products "seriously compromised" July 2016

Thank you all - very useful info. I have the latest version so I can relax. Sorry though to hear about the v21.x users, Imacri.

Win10 Home v1803 build 17134.345/HP envy/EDGE (rubbish)/IE11 (RIP)11.285.17134.0/ OFFICE 365 Home Personal/Norton Security

This thread is closed from further comment. Please visit the forum to start a new thread.