Endpoint Protection

All users of LiveUpdate Administrator 2.x (LUA 2.x) are strongly encouraged to ensure they are on the latest available release, LUA 2.3.1, in order to avoid a newly discovered vulnerability in earlier versions.

Full details:

Security Advisories Relating to Symantec Products - Symantec LiveUpdate Administrator 2.3 Insecure File Permissions SYM12-009

The optional LUA tool is free to all customers with a valid contract.  To upgrade, just contact Technical Support and they will provide download details.

Thanks alot for Sharing the information Mick

Here's the official KB on how to obtain the latest release of LUA, by the way.....

How to obtain the latest version of Symantec LiveUpdate Administrator (LUA) 2.x
Article: TECH134809   |  Created: 2010-01-09   |  Updated: 2012-05-31   | 
Article URL http://www.symantec.com/docs/TECH134809 
 

Please excuse any ignorance, but we still have an older SAV 10.x environement and in it we use the LiveUpdate Administration Utlity (LUAU).  Is this the same product as the vulnerable version, or is there a difference between the LiveUpdate Administrator (LUA) and the LiveUpdate Administration Utlity (LUAU)?

Rest easy - LUAU 1.x has completely different technology under the hood.  It is not affected by this vulnerability. 

On a related note, I do encourage all admins with SAV 10 clients in their network to upgrade to SEP as soon as possible.  On 4 July 2012, SAV 10.1 will reach its end. 

Thank you!  And as for 10.1, we're almost done migrating off, less than 10% of our devices left.  Thanks for the heads up on the EOL though!

So is this the latest version ?

where is the upgrade instruction step by steps please ?

Hi Dushan,

LUA 2.3.1 is currently the most up-to-date release.  Subscribe to either of the following articles to be notified when a new version comes out:

LiveUpdate Administrator 2.3.x: Release Notes
Article: TECH155523   |  Created: 2011-03-14   |  Updated: 2011-12-12   | 
Article URL http://www.symantec.com/docs/TECH155523

How to obtain the latest version of Symantec LiveUpdate Administrator (LUA) 2.x
Article: TECH134809   |  Created: 2010-01-09   |  Updated: 2012-06-19   | 
Article URL http://www.symantec.com/docs/TECH134809 
 

LUA 2.3.1 will install right over the older LUA 2.3.0 or LUA 2.2.2.9.

Many thanks Mick for the reply, I'll perform inline upgrade with my current production LUA now.

Is there any caveats or backup before I'm doing the upgrade ?

How to backup and restore LiveUpdate Administrator (LUA) configuration in LUA 2.3
Article: TECH159239   |  Created: 2011-05-02   |  Updated: 2012-01-19   | 
Article URL http://www.symantec.com/docs/TECH159239 
 

"Contact Symantec Technical Support to obtain the latest version of LUA 2.x. LUA will be provided free of charge to all customers with valid support contracts, except where prohibited by law or international treaty restrictions."

Excuse me for stupid question, but how may I Contact Symantec Technical Suppor ?

Here's the link from the Symantec Tech Support:

https://www-secure.symantec.com/norton-support/jsp/help-solutions.jsp?docid=v57903068_EndUserProfile_en_us&lg=english&ct=united+states&product=home&version=1&pvid=f-home&entsrc=redirect_pubweb