Internet Security Systems Preemptively Protects Customers Against New Microsoft Vulnerabilities.ATLANTA -- ISS ISS See Institutional Shareholder Services (ISS). X-Force Issues Advisories to Enterprises on Vulnerabilities Discovered in Microsoft's Portable Network Graphics Library and SMB (1) (Small to Medium-sized Business) Also called "SME" (small to medium-sized enterprise), it refers to companies that are larger than the small office/home office (SOHO), but not huge. Implementation Internet Security ''This article or section is being rewritten at Internet security is the process of protecting data and privacy of devices connected to internet from information robbery, hacking, malware infection and unwanted software. Systems, Inc. (ISS) (NASDAQ NASDAQ in full National Association of Securities Dealers Automated Quotations U.S. market for over-the-counter securities. Established in 1971 by the National Association of Securities Dealers (NASD), NASDAQ is an automated quotation system that reports on : ISSX ISSX Internet Security Systems Inc. (stock abbreviation, AMEX) ) today announced the company has preemptive pre·emp·tive or pre-emp·tive adj. 1. Of, relating to, or characteristic of preemption. 2. Having or granted by the right of preemption. 3. a. protection available for critical vulnerabilities announced by Microsoft this afternoon. Of the new vulnerabilities announced by Microsoft, ISS considers some to be particularly threatening to enterprise organizations - specifically, an Internet Explorer Microsoft's Web browser, which comes with Windows starting with Windows 98. Commonly called "IE," versions for Mac and Unix are also available. Internet Explorer is the most widely used Web browser on the market. It has also been the browser engine in AOL's Internet access software. PNG (Portable Network Graphics) A bitmapped graphics file format endorsed by the World Wide Web Consortium. It is expected to eventually replace the GIF format, because there are lingering legal problems with GIFs. Overflow vulnerability and an SMB implementation vulnerability. ISS' X-Force(R) Research and Development Team discovered the Internet Explorer PNG Overflow vulnerability. "These two critical vulnerabilities can leave enterprises open to remote exploitation and compromise," said Chris Rouland, chief technology officer at Internet Security Systems. "ISS advises that organizations deploy remediation for these critical vulnerabilities immediately. Exploitation of these vulnerabilities may lead to exposure of confidential information Noun 1. confidential information - an indication of potential opportunity; "he got a tip on the stock market"; "a good lead for a job" steer, tip, wind, hint, lead , loss of productivity and further network compromise." Portable Network Graphics (PNG) is a common and established image standard that is widely supported in applications that view images, including Internet Explorer. It has been found that Microsoft's PNG filter library contains a buffer overflow A common cause of malfunctioning software. If the amount of data written into a buffer exceeds the size of the buffer, the additional data will be written into adjacent areas, which could be buffers, constants, flags or variables. vulnerability that can lead to remote compromise of affected machines with minimal user interaction, leading users to view a malicious Web site or e-mail. Successful exploitation would grant an attacker the privileges of the user viewing the image, up to and including administrative privileges. In addition, Microsoft's SMB service contains a buffer overflow vulnerability that could potentially lead to remote code execution. SMB is used to provide support for file and printer sharing An operational state in a computer that lets other users in the network copy files and use the printer. See file sharing. , as well as access to named pipes and mailslots on Windows. Successful exploitation of this vulnerability could be used to gain unauthorized access to networks and machines. No authentication is required for an attacker to leverage these vulnerabilities to compromise a network or machine. The full ISS X-Force advisories can be found at: http://xforce.iss.net/xforce/alerts/id/195 http://xforce.iss.net/xforce/alerts/id/196 Available Protection: Organizations that have deployed ISS products from the Proventia(R) Enterprise Security Platform or that use ISS Managed Security Services are preemptively protected. For additional information on affected infrastructure or on Microsoft's suggested methods of mitigating exposure, please visit: http://www.microsoft.com/technet/security/bulletin/ms05-025.mspx http://www.microsoft.com/technet/security/bulletin/ms05-027.mspx For more information on Internet Security Systems(TM) preemptive protection offerings, please visit: http://www.iss.net/proof/preemptiveprotection/. About Internet Security Systems, Inc. Internet Security Systems, Inc. (ISS) is the trusted expert to global enterprises and world governments, providing products and services that protect against Internet threats. An established world leader in security since 1994, ISS delivers proven cost efficiencies and reduces regulatory and business risk across the enterprise. ISS products and services are based on the proactive security intelligence conducted by ISS' X-Force(R) research and development team - the unequivocal world authority in vulnerability and threat research. Headquartered in Atlanta, Internet Security Systems has additional operations throughout the Americas, Asia, Australia, Europe and the Middle East. For more information, visit the Internet Security Systems Web site at www.iss.net or call 800-776-2362. Internet Security Systems is a trademark and X-Force and Proventia are registered trademarks of Internet Security Systems, Inc. All other companies and products mentioned are trademarks and property of their respective owners. |
|
||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion