Internet Security Systems Discovers and Provides Preemptive Protection for WebEx Use of ActiveX Control.ATLANTA -- Internet Security ''This article or section is being rewritten at Internet security is the process of protecting data and privacy of devices connected to internet from information robbery, hacking, malware infection and unwanted software. Systems, Inc. (ISS ISS See Institutional Shareholder Services (ISS). ) (NASDAQ NASDAQ in full National Association of Securities Dealers Automated Quotations U.S. market for over-the-counter securities. Established in 1971 by the National Association of Securities Dealers (NASD), NASDAQ is an automated quotation system that reports on : ISSX ISSX Internet Security Systems Inc. (stock abbreviation, AMEX) ), the worldwide leader in preemptive pre·emp·tive or pre-emp·tive adj. 1. Of, relating to, or characteristic of preemption. 2. Having or granted by the right of preemption. 3. a. , enterprise security, today announced that its X-Force(R) research and development team discovered a serious vulnerability in the ActiveX control A software module based on Microsoft's Component Object Model (COM) architecture. It enables a program to add functionality by calling ready-made components that blend in and appear as normal parts of the program. used by the popular Web conferencing A videoconferencing session via the Internet. In order to interact with other participants, attendees use either a Web application or an application downloaded into their client machines. software, WebEx. ISS has worked closely with the company to resolve the vulnerability and according to according to prep. 1. As stated or indicated by; on the authority of: according to historians. 2. In keeping with: according to instructions. 3. WebEx, there have been no reported cases of users adversely affected by the now resolved vulnerability. ISS X-Force has discovered a remotely exploitable vulnerability in the WebEx ActiveX control used to install the WebEx client on a user's machine when attending or hosting a meeting. WebEx uses ActiveX to download the software components needed for a meeting. With this vulnerability, the ActiveX control did not check the validity of the content or source of these additional components, which made it susceptible to attackers who have crafted a custom Web page to cause the WebEx ActiveX control to download and place malicious code on a user's machine. WebEx has already updated customer sites and users' ActiveX controls are automatically upgraded when they access the service. WebEx has also made a website available for individuals interested in manually updating their installer, http://www.webex.com/go/advisory. "WebEx is widely used and trusted by organizations of all types and sizes," said Gunter Ollmann, director of ISS X-Force. "This widespread distribution of the vulnerable client ActiveX agent means that many workstation hosts within an organization may be the focus of an attack by merely browsing a malicious website." If machines are exploited by this vulnerability, WebEx users could unknowingly expose confidential information Noun 1. confidential information - an indication of potential opportunity; "he got a tip on the stock market"; "a good lead for a job" steer, tip, wind, hint, lead to attackers or allow them to obtain access to and control over additional assets on a corporate network. Compromise of corporate IT assets and classified information can lead to severe losses in productivity, finances and business reputation. ISS has provided customers with preemptive protection for this flaw through its Proventia(R) security platform. ISS' preemptive technology is based on the research and discoveries of its X-Force research and development team. By protecting against vulnerabilities rather than known exploits, ISS' Virtual Patch(TM) technology keeps organizations ahead of Internet threats until they are able to obtain, test and apply patches from affected vendors. The ISS X-Force advisory on this vulnerability can be found at: http://xforce.iss.net/xforce/alerts/id/226 About Internet Security Systems, Inc. Internet Security Systems, Inc. (ISS) is the trusted security advisor to thousands of the world's leading businesses and governments, providing preemptive protection for networks, desktops and servers. An established leader in security since 1994, ISS' integrated security platform automatically protects against both known and unknown threats, keeping networks up and running and shielding customers from online attacks before they impact business assets. ISS products and services are based on the proactive security intelligence of its X-Force(R) research and development team - the unequivocal world authority in vulnerability and threat research. ISS' product line is also complemented by comprehensive Managed Security Services Security services are state institutions for the provision of intelligence, primarily of a strategic nature, but also including protective security intelligence. Examples include the Security Service (MI5) and the Secret Intelligence Service (MI6) in the United Kingdom, and the and Professional Security Services. For more information, visit the Internet Security Systems Web site at www.iss.net or call 800-776-2362. Internet Security Systems and Virtual Patch are trademarks and X-Force and Proventia are registered trademarks of Internet Security Systems, Inc. All other companies and products mentioned are trademarks and property of their respective owners. |
|
||||||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion