Symantec sent an email early today to its Platinum customers reporting that they are working on a tool which will update the decomposer engine in Symantec AntiVirus Corporate Edition and Symantec Client Security.
The tool will update all supported versions of SAV and SCS to the latest decomposer engines to address the SYM07-019 vulnerability.
They estimate this tool will be released by the end of the day on Wednesday July 18th, 2007 US Pacific Time.
I wasn’t particularly looking forward to upgrading my 10.0.2 clients to 10.1.6. So hopefully this will make it possible to easily upgrade the vulnerable component.
If you’re at 10.0.x.anything, you’re already vulnerable to some pretty severe malware attacks. Until this latest vulnerability was announced last week, you had to be running at least 10.1.4.4000 to avoid the vulnerability announced last year. Please upgrade your SAV! It could save you a lot of time in the long run.
And as you said, the update tool is for supported versions of the software.
Assuming you are refering to SYM06-010 http://www.symantec.com/avcenter/security/Content/2006.05.25.html this vuln can be patched. For example 10.0.2.2021 is fully patched against this vulnerability.
You are right. I stand corrected.
SAV is notoriously difficult to upgrade via the SAV console or by other means, especially if you have hundreds or thousands of machines to upgrade. The best instructions for carrying out upgrades of SAVCE 7.x through 10.x to the latest versions that I am aware of is available at: http://www.sharpebusinesssolutions.com/savce_upgrade.htm