Symantec has released an update to address an issue in the Symantec Encryption Desktop product.
Symantec Encryption Desktop (SED)
|
|
CVE-2017-6330
|
Prior to 10.4.1MP2
|
Upgrade to 10.4.1MP2
CVE-2017-6330
Severity/CVSSv3:
|
Medium / 5.7 AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
References:
Impact:
|
Securityfocus: BID 100552 / NVD: CVE-2017-6330
Denial of service
Description:
|
A Denial of Service (DoS) attack, is a type of attack whereby the perpetrator attempts to make a particular machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a specific host within a network. DoS attacks can occur when a system becomes flooded with specific network requests or subversive operations that can cause the resourced system to become unresponsive.
This issue was validated by the product team engineers. A Symantec Encryption Desktop update, version SED 10.4.1MP2, has been released which addresses the aforementioned vulnerability. Note that the Symantec Encryption Desktop's latest release and patches are available to customers through normal support channels. At this time, Symantec is not aware of any exploitations or adverse customer impact from these issues.
Best Practices
Symantec recommends the following measures to reduce risk of attack: