Symantec Patches Remote Exploit in SAV part 4

I don't see it reflected on their public bulletin yet (give it some time), but the FTP site now has updates for 10.0.2.2000 and 10.0.2.2001 to patch them with the resulting version of 10.0.2.2002.
ftp://ftp.symantec.com/public/english_us_canada/products/symantec_antivirus/symantec_antivirus_corp/10.0/updates/
These patches keep trickling out. If you are running an earlier build of SAV 10 than is currently patched, keep waiting; I’d expect it out in the next couple of days.
ISC is reporting that the exploitation occurs through the management port that is opened on managed SAV clients. I haven’t seen a source for that. If your personal firewall policy is really granular, for example listening to only the parent server on that port and no one else, then you may be in good shape.
If Marc had simply informed the manufacturer of the problem, and told no one else, we’d be in about the same shape as we are now. Their version of responsible disclosure does little to allow people using this product to protect themselves other than hope for fast patching. That isn’t always feasible in an enterprise environment. I suspect most people are still working on patching Flash and QuickTime, that is, if they bother to patch applications at all.