Symantec security update
A flawed driver in Symantec's anti-virus products can be exploited to crash a PC. According to Symantec, the affected SPBBCDRV.SYS driver stumbles when flawed arguments are submitted to the NtCreateMutant and NtOpenEvent functions. While the flaw can only be exploited by users who are logged into a system, even users with restricted access rights are able to exercise the bug. In principle, the flaw could also be exploited to launch a DoS attack via injected malware.
According to Symantec, the problem mainly affects old products like Norton 360 1.x, Norton AntiSpam 2004 and 2005, Norton AntiVirus 2004 to 2008, Norton Internet Security 2004 to 2008, Norton Personal Firewall 2004, 2005, 2006, Norton System Works 2004, 2005, 2006, Symantec AntiVirus Corporate Edition 10.0.x and 10.1.x as well as Symantec Client Security 3.0.x. The vendor has released updates and is distributing them to end users through it's LiveUpdate service. Enterprise customers will need to download the updates manually, so they can distribute and install them as appropriate.
According to the advisory on SecurityFocus, the vulnerability appears to have been known since April 2007. David Matousek initially discovered the flaw and reported it in Norton Personal Firewall and Norton Internet Security. Why it took Symantec so long to fix the issue in its other products remains unclear.
See also:
- Symantec SPBBCDRV.SYS Device Driver Local Denial of Service, Symantec's advisory
(djwm)
![Kernel Log: Coming in 3.10 (Part 3) [--] Infrastructure](/imgs/43/1/0/4/2/6/7/2/comingin310_4_kicker-4977194bfb0de0d7.png)
![Kernel Log: Coming in 3.10 (Part 3) [--] Infrastructure](/imgs/43/1/0/4/2/3/2/3/comingin310_3_kicker-151cd7b9e9660f05.png)
