IBM Helps Safeguard Customers from Critical Microsoft Vulnerabilities.ARMONK, N.Y. -- IBM (International Business Machines Corporation, Armonk, NY, www.ibm.com) The world's largest computer company. IBM's product lines include the S/390 mainframes (zSeries), AS/400 midrange business systems (iSeries), RS/6000 workstations and servers (pSeries), Intel-based servers (xSeries) (NYSE NYSE See: New York Stock Exchange : IBM) today announced its Internet Security ''This article or section is being rewritten at Internet security is the process of protecting data and privacy of devices connected to internet from information robbery, hacking, malware infection and unwanted software. Systems (ISS ISS See Institutional Shareholder Services (ISS). ) X-Force[R] research and development team is helping to protect customers from several critical vulnerabilities announced by Microsoft. The vulnerabilities include a flaw discovered by IBM X-Force in Microsoft's core antivirus engine, which is a default component of various Microsoft offerings such as Windows Live A family of free desktop and Web-based applications from Microsoft, most of which can be accessed from a personal home page as well as a Windows Live browser toolbar. Launched in late 2005, Microsoft integrated and rebranded its Hotmail and MSN and Windows instant messaging as "Windows OneCare and Windows Defender, including Windows Defender for Vista. This vulnerability allows an attacker to send a specially-crafted PDF file to users and trigger a heap overflow in the antivirus engine, resulting in remote code execution. Successful exploitation could grant an attacker system-level privileges. IBM ISS customers have been protected from this flaw since January. "IBM ISS urges companies to swiftly remediate this vulnerability," said Pete Allor, director of intelligence for IBM Internet Security Systems IBM Internet Security Systems is a security software provider which was founded in 1994 as Internet Security Systems, and is often known simply as ISS or ISSX (after its former NASDAQ ticker symbol). The company was acquired by IBM in 2006. . "IBM ISS continues to work closely with Microsoft to provide Vista support for our customers." IBM ISS is also providing protection for three critical vulnerabilities in Internet Explorer covered by Microsoft bulletin MS07-016. The most important of these is an FTP FTP in full file transfer protocol Internet protocol that allows a computer to send files to or receive files from another computer. Like many Internet resources, FTP works by means of a client-server architecture; the user runs client software to connect to client vulnerability that can be exploited by a malformed mal·formed adj. Abnormally or faultily formed. response from a malicious server. Since it is relatively simple for attackers to direct Web browsers to an FTP URL URL in full Uniform Resource Locator Address of a resource on the Internet. The resource can be any type of file stored on a server, such as a Web page, a text file, a graphics file, or an application program. , X-Force advises companies to take this flaw seriously. For the other two vulnerabilities, users of Internet Explorer 7 should be safe by default due to the ActiveX opt-in feature. X-Force believes this may provide encouragement for network administrators to migrate to the new browser, as ActiveX controls have been used frequently in exploits this year. Through a combination of cutting-edge research, extensive industry collaboration and a preemptive pre·emp·tive or pre-emp·tive adj. 1. Of, relating to, or characteristic of preemption. 2. Having or granted by the right of preemption. 3. a. technology platform designed to stop entire classes of threats without the need for continuous signature updates, IBM ISS keeps customers a step ahead of constantly evolving Internet threats. IBM's X-Force advisory and alert on these issues can be found in the Internet Threat Information Center section on http://www.iss.net Patches for these flaws are also available from Microsoft. Microsoft's security bulletin addressing this issue can be found at: http://www.microsoft.com/technet/security/current.aspx For further details on Vista security, please see the IBM whitepaper, "Microsoft Vista's Kernel-Locking," at: http://www.iss.net/documents/whitepapers/ISS_Vista_Kernel_Lock_ Whitepaper.pdf (Portable Document Format) The de facto standard for document publishing from Adobe. On the Web, there are countless brochures, data sheets, white papers and technical manuals in the PDF format. (Due to its length, this URL may need to be copied/pasted into your Internet browser's address field. Remove the extra space if one exists.) About IBM Internet Security Systems IBM Internet Security Systems is the trusted security advisor to thousands of the world's leading businesses and governments, providing preemptive protection for networks, desktops and servers. An established leader in security since 1994, the IBM Proventia[R] integrated security platform is designed to automatically protect against both known and unknown threats, helping to keep networks up and running and shielding customers from online attacks before they impact business assets. IBM Internet Security Systems products and services are based on the proactive security intelligence of its X-Force[R] research and development team - the unequivocal world authority in vulnerability and threat research. The Internet Security Systems product line is also complemented by comprehensive Managed Security Services and Professional Security Services. For more information, visit the Internet Security Systems Web site at www.iss.net or call 800-776-2362. Internet Security Systems is a trademark and Proventia and X-Force are registered trademarks of International Business Machines Corporation in the United States, other countries, or both. All other companies and products mentioned are trademarks and property of their respective owners. |
|
||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion