Hi all,
This attack method has some requirements:
1) You must have administrative access to the machine to modify the registry!
2) Tamper Protection must be disabled to change registry settings.
If you meet these requirements, you don't need to use any Microsoft tool to proceed.
Here is a statement:
Symantec has fully investigated this claim and confirmed Endpoint Protection / Norton security are not vulnerable to an attack and there is no product patching required. Symantec has released the following signatures, which will block attempts to modify the registry key required to carry out the attack.
These signatures work in conjunction with Tamper Protection to provide protection for the Proof of Concept (PoC) code: SONAR.IFEO!gen1, SONAR.IFEO!gen2.
If you need to deactivate Tamper Protection for any purpose, please ensure that you have created an ADC policy to secure the necessary parts of the registry.
Please also set a password for disabling the client services!
MICROSOFT DOMAIN GPO: Computer Configuration\Windows Settings\Security Settings\Registry
Here you can set additional audit settings to monitor if you can't use ADC or SONAR isn't installed.
I hope this clarifies the situation a little bit.
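
Added example, not part of the original post: once registry auditing is enabled through the GPO path mentioned above, writes to the audited key are logged as Security event 4657, and this sketch triages such events. It assumes the audited key is Image File Execution Options (inferred from the SONAR.IFEO signature names; the post does not name the key); the allow-list and the sample events are constructed.

```python
# Added example: triage of registry-audit events (Security event 4657).
# Assumption: the audited key is Image File Execution Options (IFEO), inferred
# from the SONAR.IFEO signature names; the post does not name the key.
IFEO = (r"\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT"
        r"\CurrentVersion\Image File Execution Options")
WATCHED = IFEO.lower()
# Hypothetical allow-list of processes expected to write under the key.
ALLOWED_WRITERS = {r"c:\windows\system32\msiexec.exe"}
# Operation codes as they appear in the OperationType field of event 4657.
OPERATIONS = {"%%1904": "value created", "%%1905": "value modified",
              "%%1906": "value deleted"}

def under_watched(object_name):
    """True for the watched key or a subkey, not for a sibling sharing the prefix."""
    name = object_name.lower().rstrip("\\")
    return name == WATCHED or name.startswith(WATCHED + "\\")

def triage(events):
    """Return one finding per audited write under the watched key."""
    findings = []
    for ev in events:
        if ev.get("EventID") != 4657 or not under_watched(ev.get("ObjectName", "")):
            continue
        writer = ev.get("ProcessName", "")
        findings.append({
            "subkey": ev["ObjectName"][len(WATCHED):].strip("\\") or "(key itself)",
            "value": ev.get("ObjectValueName", ""),
            "operation": OPERATIONS.get(ev.get("OperationType"), "unknown"),
            "writer": writer,
            "user": ev.get("SubjectUserName", ""),
            "expected": writer.lower() in ALLOWED_WRITERS,
        })
    # Unexpected writers first, so they are reviewed before routine changes.
    return sorted(findings, key=lambda f: f["expected"])

# Constructed sample events: field names follow event 4657, values are made up.
SAMPLE_EVENTS = [
    {"EventID": 4657, "ObjectName": IFEO + r"\example.exe",
     "ObjectValueName": "ExampleValue", "OperationType": "%%1904",
     "ProcessName": r"C:\Windows\System32\msiexec.exe", "SubjectUserName": "SYSTEM"},
    {"EventID": 4657, "ObjectName": IFEO + r"\example.exe",
     "ObjectValueName": "ExampleValue", "OperationType": "%%1905",
     "ProcessName": r"C:\Windows\System32\reg.exe", "SubjectUserName": "alice"},
    # Sibling key that only shares the prefix: must be ignored.
    {"EventID": 4657, "ObjectName": IFEO + r"Backup\example.exe",
     "ObjectValueName": "ExampleValue", "OperationType": "%%1905",
     "ProcessName": r"C:\Windows\System32\reg.exe", "SubjectUserName": "alice"},
    # Different event ID: must be ignored.
    {"EventID": 4663, "ObjectName": IFEO, "ProcessName": r"C:\Windows\regedit.exe"},
]
```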