Citadel Security Software Warns of a High Threat Level Due to Recent Microsoft Source Code Leak.

Business Editors/High-Tech Writers

DALLAS--(BUSINESS WIRE)--Feb. 17, 2004

Microsoft Source Code Leak Contributes to Latest Vulnerability Threat Released in Days, Expect Imminent Threat of New Critical Vulnerabilities

Citadel Security Software, Inc. (OTCBB:CDSS), a leader in vulnerability management solutions through automated vulnerability remediation and policy enforcement warns that the vulnerability reported in Microsoft Internet Explorer (IE) version 5 as a result of a recent leak of Windows source code will be the first in a series of new vulnerabilities demonstrating the need for immediate remediation of all Microsoft vulnerabilities.

The vulnerability reported allows a remote user to execute arbitrary code on a targeted system via a specially crafted bitmap. When the bitmap is loaded by Internet Explorer version 5, it will trigger an integer overflow and execute arbitrary code and run with the privileges of the target user.

"It is our opinion the leak of Microsoft's source code has the potential to be a serious security threat," said Kent Landfield, security group manager for Citadel. "We expect a wave of new vulnerabilities exploiting Microsoft issues as a result of this intellectual property breach."

The leak of a subset of Windows NT and Windows 2000 code provides hackers insight into Windows design and implementation, enabling them to leverage what they have learned to create new vulnerabilities and exploits. Newer versions of Microsoft Internet Explorer, version 6 as an example, are not vulnerable to this exploit, illustrating why organizations should take every precaution to update and remediate their networks to protect against this new emerging threat.

Citadel's Hercules automated vulnerability remediation solution already provides remedies that protect customers from these types of vulnerabilities. To avoid attacks, organizations need to implement up-to-date remediation processes, utilize automation technology and orchestrate the best practices that Citadel recommends.

Citadel's Hercules is the first vulnerability remediation solution to automate the resolution of all five classes of vulnerabilities including unsecured accounts, misconfigurations, unnecessary services, software defects and backdoors.

"Our customers can be confident that if they remediate their networks with Hercules, they will be less vulnerable to attacks on older Microsoft issues such as this latest vulnerability in Internet Explorer 5, and will be in a better position to fight new attacks," says Landfield.

With the largest library of remediation capabilities across Windows, Sun Solaris and Linux Red Hat platforms and interoperability with industry leading network scanners and vulnerability assessment tools, Hercules allows users to import and aggregate data from multiple sources, review, approve and customize resolutions and systematically deploy vulnerability fixes.

About Citadel

Citadel Security Software Inc., a leader in vulnerability management solutions through automated vulnerability remediation and policy enforcement, helps enterprises effectively neutralize security vulnerabilities. Citadel's patent-pending Hercules(R) technology provides users with full control over the automated remediation process, enabling efficient aggregation, prioritization and resolution of vulnerabilities detected by industry-standard vulnerability assessment tools. Winshield(R) SecurePC(TM) and NetOFF(TM) products enable companies to enforce security policies from a single point of control.
Citadel's solutions enable organizations to ensure the confidentiality of information, reduce the time and costs associated with the inefficient manual remediation process, and facilitate compliance with organizational security policies and government mandates such as FISMA, HIPAA, and Gramm-Leach-Bliley legislation. For more information on Citadel, visit www.citadel.com, or contact the company at 214-520-9292.

Safe Harbor/Forward-looking Statements: This press release contains forward looking statements that are subject to risks and uncertainties including the current economic and geopolitical environment, the current information technology spending trend, the uncertainty of funding of government information technology security projects, a lack of Citadel operating history, uncertainty of product acceptance, uncertainty of ability to compete effectively in a new market and the uncertainty of profitability and cash flow of Citadel, competition, intellectual property rights and dependence on key personnel. These risks and uncertainties may cause actual outcomes and results to differ materially from expectations in this press release.
These and other risks are detailed in Citadel's quarterly reports on Form 10-QSB filed for the quarter ended September 30, 2003 and Citadel's annual report on Form 10-KSB filed for the year ended December 31, 2002 and our Form 10-KSB to be filed for the year ended December 31, 2003.

Editors Note: Citadel is a trademark and Hercules(R) is a registered trademark of Citadel Security Software Inc.