Vulnerability in Symantec Encryption Desktop

[German]Symantec Encryption Desktop encryption solution includes a critical local privilege escalation vulnerability that can be used to attack the encrypted NTFS data.


Blog reader Leon pointed me to this document, published on November 28, 2017, from Labs Nettitude. Nettitude has discovered the vulnerability in July 2017 and cooperated with Symantec to close this vulnerability in Desktop products. Because Symantec didn't patch, the security researcher decided to go public with their discovers. Affected are:

  • Symantec Encryption Desktop Suite Version 10.4.1 MP2HF1 (Build 777) and earlier.
    • Module: PGPwded.sys v10.4.1 (Build 774)
  • Symantec Endpoint Encryption Version v11.1.3 MP1 (Build 810) and earlier.
    • Module: eedDiskEncryptionDriver.sys v11.1.3 (Build 810)

Manipulating Input/Output Control Requests (IOCTLs) commands, a users can gain full privileges and influence disk read/write functions of the kernel driver.

(Source: YouTube)

The video above shows the details. I don't know if Symantec Encryption Desktop has been patched now and whether it is in common uses in enterprises.

Cookies helps to fund this blog: Cookie settings

This entry was posted in Security, Windows and tagged , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *