Internet Security Systems Protects Customers from Microsoft Flaws and Thwarts Phishing Attempts; ISS Virtual Patch(TM) Technology Protects Customers Ahead of the Threat.ATLANTA -- Internet Security ''This article or section is being rewritten at Internet security is the process of protecting data and privacy of devices connected to internet from information robbery, hacking, malware infection and unwanted software. Systems, Inc. (ISS ISS See Institutional Shareholder Services (ISS). ) (NASDAQ NASDAQ in full National Association of Securities Dealers Automated Quotations U.S. market for over-the-counter securities. Established in 1971 by the National Association of Securities Dealers (NASD), NASDAQ is an automated quotation system that reports on : ISSX ISSX Internet Security Systems Inc. (stock abbreviation, AMEX) ), the worldwide leader in preemptive pre·emp·tive or pre-emp·tive adj. 1. Of, relating to, or characteristic of preemption. 2. Having or granted by the right of preemption. 3. a. , enterprise security, today announced protection for several flaws disclosed by Microsoft affecting Internet Explorer Microsoft's Web browser, which comes with Windows starting with Windows 98. Commonly called "IE," versions for Mac and Unix are also available. Internet Explorer is the most widely used Web browser on the market. It has also been the browser engine in AOL's Internet access software. and Windows users. ISS customers have been protected from the two Internet Explorer flaws covered in Microsoft's security update, HTML Application An HTML Application (HTA) is a Microsoft Windows application written with HTML and Dynamic HTML. The ability to write HTAs was introduced with Microsoft Internet Explorer 4.0. HTAs can be made from regular HTML files by simply changing the file extension to .hta. (HTA HTA Health Technology Assessment HTA Hipertension Arterial (Spanish: Hypertension) HTA HTML Application HTA Help the Aged HTA Human Tissue Authority (UK) HTA Hochschule für Technik und Architektur ) and "CreateTextRange," since February 2004 and March 2006, respectively. ISS is also providing product coverage for a flaw announced today in Microsoft Data Access Components (database) Microsoft Data Access Components - (MDAC) Microsoft's umbrella term for their ActiveX Data Objects (ADO), OLE DB, and Open Database Connectivity (ODBC) libraries. Together, these provide access to a variety of data sources, both relational (SQL) and nonrelational. (MDAC (Microsoft Data Access Components) A package of database drivers from Microsoft for connecting client PCs to the databases in servers. MDAC is periodically updated to reflect changes in ADO, OLE DB and ODBC and is a required installation in developers' and many ). Because exploitation of these vulnerabilities requires the user to browse to a malicious Web page, ISS' X-Force(R) research and development team expects that attackers will attempt to lure users via phishing emails. "Unfortunately, computer users still fall for phishing scams at an alarming rate," said Gunter Ollmann, director of ISS' X-Force. "Therefore, while these flaws require some level of user interaction to exploit, it is still crucial for organizations to apply protection for them as soon as possible." Today, Microsoft released a security update for several critical vulnerabilities announced last month that affect Internet Explorer. The first, CreateTextRange, enables an attacker to modify text within an object, eventually allowing for the execution of arbitrary code In computer security, arbitrary code is executable code introduced externally that runs despite the intent of the original programmer. The code is injected into a currently-running application or its memory space, thus making the application execute the code. and compromise of networks and machines. The second, HTA, allows attackers to force a victim to download and execute arbitrary HTML Applications without the user's knowledge, leading to the download and execution of additional malicious files. In the absence of a patch from Microsoft, ISS has provided customers with ahead-of-the-threat protection from these vulnerabilities before any exploits were released in the wild. Through ISS' Virtual Patch technology, companies can automatically shield business assets from attack until they are able to schedule time to apply patches from affected vendors. Microsoft also announced today a flaw in Microsoft Data Access Components. MDAC is a group of Microsoft technologies that interact together to provide programmers a uniform means of developing applications for accessing almost any data repository. MDAC is prevalent in a wide range of Microsoft products including Windows XP, Windows Millennium Edition See Windows ME. (operating system) Windows Millennium Edition - (Windows ME) An update of Microsoft Windows 98, released in 2000. ME included updates of packaged software and new software such as Windows Media Player 7, Windows Movie Maker. and Windows Server. Exploitation of this vulnerability also requires users to view a malicious Web page using Internet Explorer. Successful exploitation of any of these vulnerabilities could be used to obtain unauthorized access to networks and machines, leading to exposure of confidential information, loss of productivity and further network compromise. By protecting against vulnerabilities rather than known exploits, ISS keeps organizations ahead of Internet threats. Through a multi-layered security approach, ISS' Proventia(R) security products and services provide organizations with comprehensive protection for IT assets from network to host. ISS products and services are based on the work of its X-Force research and development team. X-Force has discovered more than 50 percent of all critical and high-risk software and infrastructure vulnerabilities uncovered by commercial security research groups from 1998 to 2005. The ISS X-Force alerts on these vulnerabilities can be found at: http://xforce.iss.net/ Microsoft's security bulletin addressing these vulnerabilities can be found at: http://www.microsoft.com/technet/security/current.aspx About Internet Security Systems, Inc. Internet Security Systems, Inc. (ISS) is the trusted security advisor to thousands of the world's leading businesses and governments, providing preemptive protection for networks, desktops and servers. An established leader in security since 1994, ISS' integrated security platform automatically protects against both known and unknown threats, keeping networks up and running and shielding customers from online attacks before they impact business assets. ISS products and services are based on the proactive security intelligence of its X-Force(R) research and development team - the unequivocal world authority in vulnerability and threat research. ISS' product line is also complemented by comprehensive Managed Security Services. For more information, visit the Internet Security Systems Web site at www.iss.net or call 800-776-2362. Internet Security Systems and Virtual Patch are trademarks and X-Force and Proventia are registered trademarks of Internet Security Systems, Inc. All other companies and products mentioned are trademarks and property of their respective owners. |
|
||||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion