Symantec pcAnywhere Security Recommendations

Hi all:

 

For those that use pcAnywhere.

 

"At this time, Symantec recommends disabling the product until Symantec releases a final set of software updates that resolve currently known vulnerability risks." Customers who rely on it for business critical purposes should install version 12.5 and apply relevant patches. PCAnywhere 12.0, 12.1, and 12.5 customers are at increased risk, as well as customers with prior, unsupported versions of the product, according to Symantec."

 

"There are also secondary risks associated with this situation. If the malicious user obtains the cryptographic key they have the capability to launch unauthorized remote control sessions. This in turn allows them access to systems and sensitive data," the white paper warns. "If the cryptographic key itself is using Active Directory credentials, it is also possible for them to perpetrate other malicious activities on the network."

 

http://www.symantec.com/connect/sites/default/files/pcAnywhere%20Security%20Recommendations%20WP_01_23_Final.pdf

 

Atomic_Blast :)