According to Ormandy, “These vulnerabilities are as bad as it gets. They don’t require any user interaction, they affect the default configuration, and the software runs at the highest privilege levels possible. In certain cases on Windows, vulnerable code is even loaded into the kernel, resulting in remote kernel memory corruption.”
However it should be pointed out that Symantec has since fixed the vulnerabilities pointed out by Google, but Ormandy’s post basically points out that this is something that should not have happened in the first place, especially for a company that supposedly sells users products meant to protect them.
He has also noted that while some of the updates are done automatically, in some cases it doesn’t where it might require an IT administrator’s permission first, which is something that he urges administrators to quickly do. In the meantime for those with some technical knowledge, Ormandy has listed down the various vulnerabilities that were discovered on the Project Zero blog.