Symantec slams the door on Live Update flaw

Security company Symantec, developer of the popular Norton AntiVirus software, fixed a problem in its Live Update feature last week - a vulnerability that could allow malicious users to gain unauthorised administrator access rights to an affected PC.

Live Update is a feature Symantec's customers use in order to keep their virus signatures and security applications up to date. It can be set to automatically connect to the Internet and check Symantec's servers for a newer version. If one is found, the software can either prompt the user or automatically download and install the update, which is the recommended setting.

According to Symantec, the problem only affects Windows versions of its software and is rather obscure, requiring "a number of conditions" to be in place before it can be exploited. If an application has been set up in multi-user mode, with privileged and non-privileged access rights, it is possible for a non-privileged user to access and manipulate the Automatic Live Update interface in order to gain privileged access to the host computer.

The vulnerability, which was discovered by US-based consultants Secure Network Operations, was published on Tuesday, by which time Symantec had already fixed the problem by making a new version (2.0) of its Live Update feature available to download.

Symantec said the latest version of the update engine will be "automatically installed on a user's machine as soon as the computer connects to the Internet." If automatic live update has been disabled, users can use still Live Update to download and install the 4MB patch as soon as possible.

This is the second embarrassing episode for Symantec in a matter of days. Last Friday, Symantec's support forums were flooded with Norton AntiVirus users complaining of slow and unstable computers after the latest signature updates.