AppSense Discloses View on Newly Announced Vulnerability in Microsoft Word: Eliminate Dependence on Prior Knowledge of Vulnerabilities.FT. LAUDERDALE, Fla. -- What: A previously unknown vulnerability in Microsoft Word A full-featured word processing program for Windows and the Macintosh from Microsoft. Included in the Microsoft application suite, it is a sophisticated program with rudimentary desktop publishing capabilities that has become the most widely used word processing application on the market. is now being exploited (see news article http://news.zdnet.com/2100-1009_22-6112265.html) AppSense's view: The Word 2000 vulnerability announced today is the latest in a series of vulnerabilities in Microsoft Office Microsoft's primary desktop applications for Windows and Mac. Depending on the package, it includes some combination of Word, Excel, PowerPoint, Access and Outlook along with various Internet and other utilities. applications. Searching for new vulnerabilities has become a profitable area for criminal hackers A criminal who uses hacker techniques to break the law. Originally, the term "hacker" referred only to a highly technical programmer. Today, the term is often used synonymously with criminal. "Criminal hacker" and "cracker" are the most accurate references to this individual. . A serious vulnerability can be sold many times over. Some sell for tens of dollars to a large market and are usually discovered quickly. Others are sold for tens of thousands to a more select market and can exist for long periods of time. Recently someone even tried to sell an Excel vulnerability on eBay. This market for vulnerabilities is a recent phenomenon and is part of a whole supply chain that has sprung up to feed computer crime. An increasingly common characteristic of this vulnerability is that it has exploit code created and in use for a substantial time prior to there being public information about the details of where the vulnerability exists. Similarly to the Microsoft Windows See Windows. (operating system) Microsoft Windows - Microsoft's proprietary window system and user interface software released in 1985 to run on top of MS-DOS. Widely criticised for being too slow (hence "Windoze", "Microsloth Windows") on the machines available then. Media File vulnerability disclosed in December 2005, these vulnerabilities have been found by researchers who kept the knowledge secret and used it themselves for an undetectable attack, or sold it to others. Many vulnerabilities are present in products but not acknowledged and hence largely unknown. A single internet based project, called the Zero Day Initiative http://www.zerodayinitiative.com/details.html, lists 29 undisclosed vulnerabilities it is sitting on. Twenty four of those are rated as a High Severity. "This is a classic race between good and evil. Will the bad guys exploit a vulnerability before the good guys can find and fix it? The only solution to this problem is for security to become more proactive and less dependant on Adj. 1. dependant on - determined by conditions or circumstances that follow; "arms sales contingent on the approval of congress" contingent on, contingent upon, dependant upon, dependent on, dependent upon, depending on, contingent prior knowledge of vulnerabilities," Martin Ingram Martin Ingram is the pseudonym of an ex-British Army soldier who served in the Intelligence Corp and Force Research Unit (FRU). He has made a number of allegations about the conduct of the British Army, its operations in Northern Ireland via the FRU, and against figures in the , VP Product Management, AppSense. About AppSense: AppSense is the leading provider of application-level endpoint security solutions for the enterprise - proactively protecting desktops, laptops, servers, virtual systems and embedded Inserted into. See embedded system. devices against all forms of malicious software and preserving endpoint environments in their optimal state to ensure system integrity. AppSense software secures thousands of organizations and is installed on hundreds of thousands of desktops and servers across the world in mid-to-large organizations and across many industries such as Public Sector, Finance, Pharmaceutical and Healthcare. AppSense solutions automatically and proactively block all unknown or untrusted applications from running on an endpoint without ever having to know that a vulnerability even exists, or the source or nature of the application (i.e., whether it is an unauthorized software or malicious software) or if malicious, what its signature file looks like or how it behaves. It controls when/where approved applications can execute, what functions within those applications users can access, and can even control access to endpoint devices, like USB memory See USB drive. sticks, which can be used to compromise an enterprise's critical data. AppSense operates through a world-wide channel of certified See certification. partners with offices in the US, UK, Germany, The Netherlands and Australia. For more information visit: www.appsense.com |
|
||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion