Internet Security Systems Keeps Customers Ahead of Latest Microsoft Internet Explorer Threat; ISS Tracks and Offers Protection for Microsoft Java Virtual Machine Remote Compromise.ATLANTA -- Internet Security ''This article or section is being rewritten at Internet security is the process of protecting data and privacy of devices connected to internet from information robbery, hacking, malware infection and unwanted software. Systems (ISS ISS See Institutional Shareholder Services (ISS). ) (NASDAQ NASDAQ in full National Association of Securities Dealers Automated Quotations U.S. market for over-the-counter securities. Established in 1971 by the National Association of Securities Dealers (NASD), NASDAQ is an automated quotation system that reports on : ISSX ISSX Internet Security Systems Inc. (stock abbreviation, AMEX) ) today announced that it has provided customers protection against a vulnerability in Microsoft Internet Explorer See Internet Explorer. javaprxy.dll, for which Microsoft does not currently offer a patch. This vulnerability is considered to be a serious threat to enterprise organizations due to the widespread use of Internet Explorer Microsoft's Web browser, which comes with Windows starting with Windows 98. Commonly called "IE," versions for Mac and Unix are also available. Internet Explorer is the most widely used Web browser on the market. It has also been the browser engine in AOL's Internet access software. and the public availability of exploits for this issue, which could allow an attacker to obtain remote access to and compromise networks and machines. Testing by ISS' X-Force(R) research and development team has revealed that these exploits are successful at reliably compromising vulnerable systems. Through the Buffer Overflow Exploit Prevention (BOEP BOEP Bureau of Engraving and Printing ) technology in its Proventia(R) Desktop and Server Sensor SR 4.2 and 4.3 products, ISS has been offering preemptive pre·emp·tive or pre-emp·tive adj. 1. Of, relating to, or characteristic of preemption. 2. Having or granted by the right of preemption. 3. a. protection for its customers against this vulnerability since it was first uncovered. ISS has also provided customers with additional product updates, ensuring comprehensive protection against this vulnerability in the absence of protection from Microsoft. Organizations should be aware of the following: Business Impact -- Through this vulnerability, an attacker could lead a user to a malicious Web site using Internet Explorer or render a malicious HTML HTML in full HyperText Markup Language Markup language derived from SGML that is used to prepare hypertext documents. Relatively easy for nonprogrammers to master, HTML is the language used for documents on the World Wide Web. page sent by email and trigger a stack-based overflow, leading to arbitrary code execution and remote compromise. Successful exploitation would grant an attacker the privileges of the user viewing the HTML page, up to and including administrative privileges. Compromise of networks and machines using affected versions of Internet Explorer may lead to exposure of confidential information, loss of productivity and further network compromise. Affected Infrastructure -- Javaprxy.dll is a widely used COM object, used for debugging the Microsoft Java Virtual Machine A Java interpreter. The Java Virtual Machine (JVM) is software that converts the Java intermediate language (bytecode) into machine language and executes it. The original JVM came from the JavaSoft division of Sun. . In many cases, this dll is widely deployed across large enterprises, and in some cases resides on critical servers and virtually all desktops as part of default installations of Internet Explorer. Available Protection -- ISS products provide protection from this vulnerability. Other organizations should review the following security advisory from Microsoft: http://www.microsoft.com/technet/security/advisory/903144.mspx The full ISS X-Force Alert can be found at: http://xforce.iss.net/xforce/alerts/id/198 For more information on Internet Security Systems(TM) preemptive protection offerings, please visit: http://www.iss.net/proof/preemptiveprotection/ About Internet Security Systems, Inc. Internet Security Systems, Inc. (ISS) is the trusted expert to global enterprises and world governments, providing products and services that protect against Internet threats. An established world leader in security since 1994, ISS delivers proven cost efficiencies and reduces regulatory and business risk across the enterprise. ISS products and services are based on the proactive security intelligence conducted by ISS' X-Force(R) research and development team - the unequivocal world authority in vulnerability and threat research. Headquartered in Atlanta, Internet Security Systems has additional operations throughout the Americas, Asia, Australia, Europe and the Middle East. For more information, visit the Internet Security Systems Web site at www.iss.net or call 800-776-2362. Internet Security Systems is a trademark and X-Force and Proventia are registered trademarks of Internet Security Systems, Inc. All other companies and products mentioned are trademarks and property of their respective owners. |
|
||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion