A zero-day flaw in a software driver in Symantec’s Endpoint Protection product may be tricky to fix. The flaw is contained in the Application and Device Control driver, which is in versions 11.x and 12.x. The vulnerability was found by training and penetration testing company Offensive Security. No known compromises have been reported, but the medium severity flaw is being handled “with utmost urgency and care” It’s not clear if users will have to reinstall the product with an upgraded driver.”]