Zero-day vulnerability in Symantec PGP Whole Disk Encryption

Symantec’s PGP Whole Disk Encryption is used to encrypt all the contents on the disk on a block-by-block basis having zero-day vulnerability. The latest kernel driver distributed with Symantec PGP Desktop contains an arbitrary memory overwrite vulnerability. Though this is confirmed, it’s limited to systems running Windows XP and Windows 2003. An attacker would obviously need local access to a vulnerable computer to exploit this vulnerability.

Takeaway: One of the most common sources of massive amounts of data leak is lost and stolen laptops. Though responsible companies encrypt them, such non-networked vulnerabilities can cause havoc among the administrators to patch a large workforce.