Finjan Software Warns of Ten New Vulnerabilities in Windows XP SP2.
SAN JOSE, California San Jose (IPA: /ˌsænhoʊˈzeɪ/) is the third-largest city in California, and the tenth-largest in the United States. It is the county seat of Santa Clara County. , November 10 /PRNewswire/ -- Finjan Software, the leading provider of proactive secure content management solutions for enterprises, announces today 10 serious security vulnerabilities discovered by Finjan's Malicious Code Research Center (MCRC MCRC Metastatic Colorectal Cancer
MCRC Marine Corps Recruiting Command (USMC)
MCRC Malicious Code Research Center (Finjan Software)
MCRC Motorcycle Racing Club ) in Windows(R) XP Service Pack 2 (SP2) operating system operating system (OS)
Software that controls the operation of a computer, directs the input and output of data, keeps track of files, and controls the processing of computer programs. .
"The recently released Service Pack 2 of Microsoft(R) Windows(R) XP operating system offers certain features of security," says Shlomo Touboul, CEO (1) (Chief Executive Officer) The highest individual in command of an organization. Typically the president of the company, the CEO reports to the Chairman of the Board. and Founder of Finjan Software. "However, it suffers because it is still basically the same operating system and has some major flaws which compromise end-user security. By using Finjan's proactive security solutions, based on our patented behavior blocking Also known as "sandboxing," it is software that monitors the executable actions of potentially malicious software and prevents certain operations from taking place. Deleting files and modifying system settings are the kinds of actions that are prohibited. technology on top of SP2, users can enjoy a secure environment that protects them from such vulnerabilities".
Finjan has provided Microsoft with full technical details concerning the vulnerabilities discovered by Finjan's Malicious Code Research Center and has been assisting Microsoft to patch these holes. In order to prevent the creation of malicious viruses and worms, Finjan will not release any technical details about these vulnerabilities until they are fully patched by Microsoft.
"Windows(R) XP SP2 operating system is a continuation of the same Windows XP The previous client version of Windows. XP was a major upgrade to the client version of Windows 2000 with numerous changes to the user interface. XP improved support for gaming, digital photography, instant messaging, wireless networking and sharing connections to the Internet. Operating System and Windows Kernel. All Windows versions See Windows. have been developed with requirements for highest backward compatibility See backward compatible.
(jargon) backward compatibility - Able to share data or commands with older versions of itself, or sometimes other older systems, particularly systems it intends to supplant. and open architecture, with maximum productivity and ease of use. In addition, Windows(R) applications typically run with administrative permission with full and unlimited access to computer resources", continues Shlomo Touboul.
"This, together with the emerging technology of mobile code has created a situation in which active content travels freely over the web and gains full control of host computers. These fundamentals create a green field for hackers shown by constantly increasing attacks and damage over the last few years. A security patch A fix to a program that eliminates a vulnerability exploited by malicious hackers. See vulnerability and patch. of Windows(R) operating system without changing the rules of the game will not be enough to fight the recent complex malicious code attacks such as Scob, Mydoom, and others. End users and Enterprises must add an independent security layer that is not dependent on the above fundamentals. Application level behavior blocking is the leading technology designed to immunize im·mu·nize
1. To render immune.
2. To produce immunity in, as by inoculation.
im systems from both known and unknown vulnerabilities and exploits; viruses, worms, Trojans, spyware, phishing and other threats", concluded Mr. Touboul.
Notes to Editors More details on the Vulnerabilities
By exploiting all vulnerabilities discovered in SP2 by Finjan, attackers can silently and remotely take over an SP2 machine when the user simply browses a web page.
The following scenarios demonstrate some of the vulnerabilities discovered by Finjan in SP2:
- Hackers can remotely access users' local files Windows(R) XP SP2 is designed to deny access to a local file in the course of Internet browsing. Therefore, any attempt by a remote web page to access a local file in any way other than downloading a file, is denied. Finjan has shown that this feature can be remotely compromised by hackers.
- Hackers can switch between Internet Explorer Microsoft's Web browser, which comes with Windows starting with Windows 98. Commonly called "IE," versions for Mac and Unix are also available. Internet Explorer is the most widely used Web browser on the market. It has also been the browser engine in AOL's Internet access software. Security Zones to obtain rights of local zone Internet Explorer uses the notion of security zones to differentiate between mobile codes by their origin. In this way, for example, the permissions of files running from the local hard drive are much higher than the permissions of code downloaded from the Internet. Finjan has shown that it is possible to elevate the privilege level of mobile code downloaded from the Internet. By gaining additional privileges, the remote code could read, write and execute files on the user's hard drive.
- Hackers can bypass SP2's notification mechanism on the download and execution of EXE Exe (ĕks), river, c.55 mi (90 km) long, rising in the Exmoor, Somerset, SW England, and flowing S across the Cornwall peninsula, past Exeter to the English Channel at Exmouth. files and therefore download files without any warning or notification One of the mechanisms that have been implemented in SP2 is the verification of the download and the execution of content arriving from the Internet. This mechanism is implemented by three new features - an information bar inside Internet Explorer which filters and blocks unauthorized operations performed by web pages, a file download dialog which requires the user's confirmation for file save and execution operations, and an execution verification dialog. These features are important to prevent unauthorized silent "drive-by" installations of malicious software.
Finjan Customers Are Proactively Protected Against All These Threats
Finjan enterprise customers using the latest releases of Finjan's Vital Security(TM) products, and Finjan's small and medium sized customers using the recently released 1Box(TM) Series are proactively protected against these vulnerabilities, as well as against other, not yet discovered ones.
About the Finjan(R) Vital Security(TM) Product Suite Vital Security(TM) for Enterprises
Vital Security(TM) for Web: Installed at the corporate gateway, Vital Security for Web leverages its patented proactive behavior blocking engine to close the Window-of-Vulnerability(TM) left open on the Web and is the only solution to also integrate best-of-breed solutions in traditional anti-virus scanning, content filtering and Web filtering onto a single platform.
Vital Security(TM) for E-Mail: Installed at the corporate gateway, Vital Security for E-Mail leverages its patented proactive behavior blocking engine to close the Window-of-Vulnerability(TM) left open in e-mail and is the only solution to also integrate best-of-breed solutions in traditional anti-virus scanning, anti-spam, content filtering, custom disclaimers, and document auditing with digital watermarking onto a single platform.
Vital Security(TM) for Clients: A centrally managed, proactive security solution for enterprise desktops, Vital Security for Clients closes the Window-of-Vulnerability(TM) and protects against new virus outbreaks and malicious mobile code attacks received through e-mail or the Web using its run-time monitoring "sandboxing" technique.
Vital Security(TM) for Documents: Enables companies to control the access, authorization and distribution of sensitive documents internally and externally. It allows trusted users to view critical business information and intellectual property unimpeded unimpeded
not stopped or disrupted by anything
Adj. 1. unimpeded - not slowed or prevented; "a time of unimpeded growth"; "an unimpeded sweep of meadows and hills afforded a peaceful setting" , while preventing those properties from being digitally distributed, electronically copied, or physically replicated.
Vital Security(TM) for SSL (Secure Sockets Layer) The leading security protocol on the Internet. Developed by Netscape, SSL is widely used to do two things: to validate the identity of a Web site and to create an encrypted connection for sending credit card and other personal data. : Installed at the corporate gateway, Vital Security for SSL decrypts encrypted traffic in HTTPS/SSL to allow other security solutions such as Vital Security for Web, to scan the content for viruses, worms or malicious code.
Vital Security 1Box(TM) Series for Small and Medium-Sized Businesses
Internet 1Box(TM): Best and most comprehensive security solution for web and email at the gateway and desktop. This easy-to-use product combines Finjan's patented application-level Behavior Blocking technology to provide day-zero protection against unknown or known attacks, integrated with best-of-breed anti-virus, URL URL
in full Uniform Resource Locator
Address of a resource on the Internet. The resource can be any type of file stored on a server, such as a Web page, a text file, a graphics file, or an application program. filtering and anti-spam engines in a single box. Providing enterprise-level security at a price affordable for SMBs, Internet 1Box represents the best value for money. It addresses the security worries allowing SMBs to focus on their business.
SSL 1Box(TM): Extends the Internet 1Box capability to protect against threats arriving via SSL/HTTPS encrypted content as well as enforcing SSL certificates according to the corporate policies. When implemented together with Internet 1Box these products deliver the best solution on the market capable of detecting a new unknown attack arriving via HTTPS/SSL, HTTP HTTP
in full HyperText Transfer Protocol
Standard application-level protocol used for exchanging files on the World Wide Web. HTTP runs on top of the TCP/IP protocol. and FTP FTP
in full file transfer protocol
Internet protocol that allows a computer to send files to or receive files from another computer. Like many Internet resources, FTP works by means of a client-server architecture; the user runs client software to connect to .
Documents 1Box(TM): Provides a secure environment for sharing documents within organizations and with partners or customers. Based on pre-defined corporate policies, it protects against unauthorized access, saving, copying, forwarding, printing, or even screen-capturing of confidential documents. It provides protection against unauthorized use of confidential documents, thus allowing SMBs to generate new revenue streams and additional business opportunities. It is the only secured publishing solution available for the SMBs.
Malicious Code Research Center (MCRC) is the leading research department at Finjan Software, dedicated to the research and detection of potential Internet and e-mail attacks. MCRC's goal is to continue to be steps ahead of hackers attempting to exploit open platforms and technologies to develop next generation mobile malicious code, worms, Trojans, viruses and spyware. MCRC researchers also contribute to the development of next generation defense tools for Finjan's proactive secure content management solutions. For more information, visit http://www.finjan.com/mcrc/. These specific vulnerabilities were discovered by Mr. Ivgi, Security Researcher, Finjan's MCRC department.
Finjan Software is the leading provider of proactive, behavior-based secure content management solutions, protecting more than 3 million users from attacks, globally. Finjan surpasses the levels of defense typically offered by reactive anti-virus software solutions. Finjan uses its Vital Security(TM) platform to determine actual code behavior and blocks any action that violates predefined security policy. This superior technology enables Finjan to protect users proactively by responding to existing, and more importantly, yet to be developed attacks. Analyst firm IDC, recognizes Finjan as the leader in the worldwide malicious mobile code security market. For more about Finjan Software and its proactive protection solutions against threats driven by mobile malicious code, please visit: http://www.finjan.com/.
Copyright (c) 2004 Finjan Software, Inc., and/or its subsidiaries. All rights reserved.
Finjan, Finjan logo, Vital Security, 1Box, Internet 1Box, SSL 1Box, and Documents 1Box are trademarks or registered trademarks of Finjan Software, Inc., and/or its subsidiaries. Microsoft, Windows, Windows XP are either registered trademarks or trademarks of Microsoft Corporation. All other registered and unregistered trademarks in this document are the sole property of their respective owners. The Finjan Software products described in this document are protected by one or more of the following US Patents: 6092194, 6167520, 6480962, 6209103, 6298446, and 6353892 and may be protected by other US Patents, foreign patents, or pending applications.
Finjan Media Contact: United Kingdom Simona Cotta Ramusino / Blanaid Colley The Global Consulting Group +44(0)20-7221-4374 firstname.lastname@example.org email@example.com United States Clara Perez The Global Consulting Group +1-646-284-9427 firstname.lastname@example.org Germany Alenka Zec Trimedia Communications Tel. +49(0)89-76-77-35-0 AlenkaZec@muc.trimedia.de France Daniel DaCosta Trimedia Communications Tel. +33-1-55-30-70-70 email@example.com
Blanaid Colley, The Global Consulting Group, +4420-7221-4374 firstname.lastname@example.org; email@example.com, United States, Clara Perez, The Global Consulting Group, +1-646-284-9427 firstname.lastname@example.org; Germany, Alenka Zec, Trimedia Communications, Tel. +49(0)89-76-77-35-0, AlenkaZec@muc.trimedia.de; France, Daniel DaCosta, Trimedia Communications, Tel. +33-1-55-30-70-70 email@example.com
CONTACT: Finjan Media Contact: United Kingdom, Simona Cotta cot·ta
n. pl. cot·tae or cot·tas
A short surplice.
[Medieval Latin, of Germanic origin.] Ramusino