LiveUpdate is a feature used by Symantec's customers to keep their virus signatures and security applications up to date. It can be set to automatically connect to the Internet and check Symantec's servers for a newer version. If one is found, the software can either prompt the user to download and install the update or automatically do these--the recommended setting.
 | ||||
| | | ||
| Get Up to Speed on... Enterprise security  Get the latest headlines and company-specific news in our expanded GUTS section. | | ||
| | ||||
| | ||||
According to Symantec, the problem only affects Microsoft Windows versions of its software and is rather obscure, requiring "a number of conditions" to be in place before it can be exploited. If an application has been set up in multiuser mode, with privileged and nonprivileged access rights, it is possible for a nonprivileged user to access and manipulate the Automatic LiveUpdate interface in order to gain privileged access to the host computer.
The vulnerability, which was discovered by U.S.-based consultants Secure Network Operations, was published on Tuesday, by which time Symantec had already fixed the problem by making a new version (2.0) of its LiveUpdate feature available for download.
Symantec said the latest version of the update engine will be "automatically installed on a user's machine as soon as the computer connects to the Internet." If automatic LiveUpdate has been disabled, users can still use LiveUpdate to download and install the 4MB patch as soon as possible.
This is the second embarrassing episode for Symantec in a matter of days. Last Friday, Symantec's support forums were flooded with Norton AntiVirus users that their computers were slow and unstable after they installed the latest signature updates.
ZDNet UK's Munir Kotadia reported from London.
