EliaShim Ltd. has Identified Additional Microsoft Security Holes in Microsoft Internet Mail and News Applications.HAIFA, Israel--(BUSINESS WIRE)--March 7, 1997 - EliaShim also announces its free fix, available for download at www.eliashim.com, for newly discovered security risk that threatens Microsoft users EliaShim Ltd. today announced that it has identified another security breach in Microsoft's Internet Explorer Microsoft's Web browser, which comes with Windows starting with Windows 98. Commonly called "IE," versions for Mac and Unix are also available. Internet Explorer is the most widely used Web browser on the market. It has also been the browser engine in AOL's Internet access software. , specifically within its Internet Mail See Internet e-mail service. and News applications. EliaShim has already formulated and posted a free solution to this major security flaw at its Web site at http://www.eliashim.com. In this newly discovered defect, malicious hackers can embed em·bed also im·bed v. em·bed·ded, em·bed·ding, em·beds v.tr. 1. To fix firmly in a surrounding mass: embed a post in concrete; fossils embedded in shale. a harmful executable link (as a shortcut (1) In Windows, a shortcut is an icon that points to a program or data file. Shortcuts can be placed on the desktop or stored in other folders, and double clicking a shortcut is the same as double clicking the original file. ) within Microsoft newsgroup newsgroup Internet forum for discussion of specific subjects. Newsgroups are organized into subjects (e.g., automobiles); each typically has several subgroups (e.g., classic cars, Formula One racing cars). postings and in messages received through Microsoft's Internet Mail. The hostile links, placed innocuously within messages and often disguised as free demo opportunities, prey upon unsuspecting computer mail or newsgroup users by carrying out any number of harmful internal applications in the PC's hard drive. In addition to deleting desktop shortcut icons, hackers could potentially delete, format, extract and execute other damaging, illegal and vandalistic functions. Microsoft's Internet Explorer, Mail and News areas are vulnerable because Microsoft's design does not form a distinction between internal and external applications. The hostile links are undetectable because they are, in fact, remote external desktop icons that carry out internal applications in the computer. When a user clicks on a hostile hyperlink, the user executes an internal command that can possibly render a substantial amount of damage to the computer. As an illustration, a message with a .lnk or .url attachment can be sent by any user through Microsoft Mail An earlier and simple messaging system from Microsoft that runs on PC and AppleTalk networks. Gateways are available to a variety of mail systems including X.400, PROFS and MHS. Microsoft Mail-enabled applications are written to the MAPI programming interface. See Microsoft Exchange. . When the mail is received, a double click on the attachment will open it and automatically run the harmful executable. Coupled with the potentially damaging links that can be posted in Microsoft News newsgroups This is a list of newsgroups that are significant for their popularity or their position in Usenet history. As of October 2002, there are about 100,000 Usenet newsgroups, of which approximately a fifth are active. , hackers have discovered a serious security breach that puts Microsoft Mail and newsgroup users at substantial risk. "This situation is a hacker A person who writes programs in assembly language or in system-level languages, such as C. The term often refers to any programmer, but its true meaning is someone with a strong technical background who is "hacking away" at the bits and bytes. magnet because the potential for harm is so much greater - reaching not only people using Microsoft's browser, but also through its email and newsgroup applications," said Matti Zinder, EliaShim's vice president of marketing. "In fact, we believe that this security breach will now create a new type of Internet vandalism The intentional and malicious destruction of or damage to the property of another. The intentional destruction of property is popularly referred to as vandalism. It includes behavior such as breaking windows, slashing tires, spray painting a wall with graffiti, and : hostile mail spamming See spam. spamming - spam ." With IE-Safe, EliaShim's free solution that can be downloaded at its Web site, potential problems can be averted a·vert tr.v. a·vert·ed, a·vert·ing, a·verts 1. To turn away: avert one's eyes. 2. and solved. By separating the Internet domain from the PC or workstation domain, IE-Safe does not allow the execution of commands originating from external links. In particular, IE- SAFE is a small utility program that checks all references to shortcut files and disables their execution. IE-SAFE is based on the unique technology developed by EliaShim programmers and is used in the ViruSafe-WEB Anti- Virus Plug-in product. EliaShim's IE-SAFE solution is compatible with all International versions of IE as well as Internet Mail and News applications. EliaShim Ltd. is the leading supplier of technologically innovative anti-virus and security software to the corporate and government sectors worldwide. It has been providing unique security software solutions to over 4 million customers worldwide, including major banks and financial institutions, Fortune 500 corporations and many others. EliaShim's advanced products, utilizing over 10 years of experience gained through cutting-edge developments, are centered on the individual PC user and provide state-of-the-art protection for PC's, Local Area Networks and the Internet. EliaShim's products will continue to be made available for the consumer market during 1997. EliaShim has subsidiaries in the U.S, Europe and Japan and a network of over 40 distributors worldwide. For product and pricing information, please call 1-800-477-5177. CONTACT: Samantha Rubin Connors Communications 212/807-7500 sam@connors.com or Peter Suciu Connors Communications 212/807-7500 peter@connors.com |
|
||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion