Foresight?

If Tyranny and Oppression come to this land, it will be in the guise of fighting a foreign enemy
James Madison (American 4th US President (1809-17), and one of the founding fathers of his country. 1751-1836)

Thursday, April 12, 2007

Symantec issues a patch for it's Enterprise Security Manager...how many will do it?

Now...this is more of a wager post or is that a prediction of failure post...hrm? I am sure most remember the Time Warner screw-up!? If not, you can read up on one of my previous posts on the subject, "Geez talk about a slackin ass IT department...", in which it goes on to tell the tale of an IT department that didn't apply a patch from Symantec that was almost a year old and fell victim to a worm that exploited the very vulnerability that "should have" been patched. My guess is that some IT department in the future will not heed the warning today and let this patch fly on by and do a lot of finger pointing when it is eventually exploited on their network. So, don't be a bonehead and patch it now!

Well, now Symantec has found a vulnerability in it's ESM (Enterprise Security Manager) product that is susceptible to remote code execution. I am proud to say that Symantec found this in it's own testing and disclosed as such, which means a lot in this time when most would just sweep under the rug any vulnerabilities that may have been found under their own testing. Well done Symantec!

You can view the affected versions of ESM and get the patch on the Symantec link below, as well as read more on the vulnerability and related articles.

- "Symantec Enterprise Security Manager™ Signature Fix" @ Symantec
- "Symantec has closed critical hole in its Enterprise Security Manager" @ Heise Security
- "Symantec Patches 'High-Risk' Bug" @ Information Week
- "Geez talk about a slackin ass IT department..." @ CTRL Zone Blog

No comments: