
Privilege escalation vulnerability in Norman Security Suite (32-bit)

03 October 2011

Issue

A vulnerability has been identified in the driver nprosec.sys. This driver is used by the 32-bit Windows versions of Norman Security Suite versions 8 and 9.

The issue is an escalation of privilege vulnerability, which may allow an attacker with access to the computer to elevate their user rights, e.g. to SYSTEM.

Proof-of-concept program code has been published on the Internet.

Affected software

  • Norman Security Suite version 8, 32-bit version
  • Norman Security Suite version 9, 32-bit version
  • Third party software using rebranded versions of vulnerable versions of Norman Security Suite

Vulnerability information

Vulnerable operating systems

The driver nprosec.sys, which is affected by the vulnerability, is used by Norman Security Suite versions 8 and 9 on all supported 32-bit Windows operating systems.

Operating systems not vulnerable

  • 64-bit Windows operating systems
  • Linux operating systems

Mitigating factors

The vulnerability cannot be remotely exploited.

Update status

Norman published a fix for this vulnerability on 3 October 2011.

Affected systems will automatically download the update when Internet Update is run.

Acknowledgements

Jérémy Brun-Nouvion (Xst3nZ) informed Norman about this vulnerability on 28 September 2011.

Revision history

  • 2011-10-03: Bulletin created