Printer Friendly
The Free Library
14,508,411 articles and books
Member login
User name  
Password 
 
Join us Forgot password?

Internet Security Systems Shields Customers from Flaws in Internet Explorer and Windows Media Player; ISS Warns That Flaws Could Be Used to Launch Successful Targeted Attacks Against Specific Individuals or Enterprises.


ATLANTA -- Internet Security ''This article or section is being rewritten at

Internet security is the process of protecting data and privacy of devices connected to internet from information robbery, hacking, malware infection and unwanted software.  Systems, Inc. (ISS ISS

See Institutional Shareholder Services (ISS). ) (NASDAQ NASDAQ
 in full National Association of Securities Dealers Automated Quotations

U.S. market for over-the-counter securities. Established in 1971 by the National Association of Securities Dealers (NASD), NASDAQ is an automated quotation system that reports on : ISSX ISSX Internet Security Systems Inc. (stock abbreviation, AMEX) ), the worldwide leader in preemptive pre·emp·tive or pre-emp·tive  
adj.
1. Of, relating to, or characteristic of preemption.

2. Having or granted by the right of preemption.

3.
a. , enterprise security, today announced that it is providing preemptive protection for flaws announced today by Microsoft in Internet Explorer Microsoft's Web browser, which comes with Windows starting with Windows 98. Commonly called "IE," versions for Mac and Unix are also available. Internet Explorer is the most widely used Web browser on the market. It has also been the browser engine in AOL's Internet access software.  and Windows Media Player Digital jukebox software for Windows from Microsoft that plays a variety of audio, video and streaming formats including MP3, WMA, CD audio and MIDI. Starting with Version 6.2 in 1999, the Windows Media Rights Manager was added for securing copyrighted content. . ISS deems five of these issues to be critical, as they can allow for remote code execution if an unsuspecting user clicks on a malicious Web page or file.

"Of particular concern is that some of the flaws in Internet Explorer can also be exploited through the preview pane in Microsoft Outlook For the e-mail and news client bundled with certain versions of Microsoft Windows, see .

Microsoft Outlook or Outlook (full name Microsoft Office Outlook , making them susceptible to the creation of an e-mail worm," said Alain Sergile, technical product manager for ISS' X-Force(R) research and development team. "As for the Windows Media Player vulnerability, X-Force predicts that it will be leveraged by attackers to launch targeted attacks on specific individuals or corporations. By simply enticing a user to download a malicious file and view it using Windows Media Player, attackers could very easily obtain unauthorized access to a network."

One of the critical vulnerabilities announced in Internet Explorer today involves the rendering of Web pages within Internet Explorer through mshtml.dll. This vulnerability is of particular concern since it can be exploited simply by causing a user to view a malicious HTML HTML
 in full HyperText Markup Language

Markup language derived from SGML that is used to prepare hypertext documents. Relatively easy for nonprogrammers to master, HTML is the language used for documents on the World Wide Web.  page through the Microsoft Outlook preview pane, which attackers could leverage for the creation of an e-mail worm.

Two of the other vulnerabilities announced by Microsoft today in Internet Explorer affect ActiveX, a Microsoft technology that allows for the integration of components such as sound and animations into a Web page. Exploitation of these flaws is possible via a specially crafted Web page.

The last critical vulnerability in Internet Explorer concerns HTML Style Tags. By creating a malicious HTML file with many Style Tags, an attacker can force Internet Explorer to execute arbitrary code.

The vulnerability in Windows Media Player involves the program's handling of Portable Network Graphics (PNG (Portable Network Graphics) A bitmapped graphics file format endorsed by the World Wide Web Consortium. It is expected to eventually replace the GIF format, because there are lingering legal problems with GIFs. ) image files. Attackers may host malformed mal·formed
adj.
Abnormally or faultily formed.  PNG files on Web servers such that they will be opened by Windows Media Player when unsuspecting users click on them, leading to exploitation.

Successful exploitation of any of these vulnerabilities could be used to obtain unauthorized access to networks and machines, leading to exposure of confidential information, loss of productivity and further network compromise.

ISS is providing preemptive protection for these flaws. Through its unique Proventia(R) protection platform and Virtual Patch(TM) technology, ISS protects against vulnerabilities rather than known exploits to shield businesses from attack ahead of the threat. ISS' preemptive approach to security is based on the vulnerability research conducted by the company's X-Force research and development team, the unequivocal world authority on vulnerability and threat research.

Further details on these vulnerabilities can be found in the ISS X-Force alerts at: http://xforce.iss.net/xforce/alerts

Microsoft's security bulletin addressing these issues can be found at: http://www.microsoft.com/technet/security/current.aspx

About Internet Security Systems, Inc.

Internet Security Systems, Inc. (ISS) is the trusted security advisor to thousands of the world's leading businesses and governments, providing preemptive protection for networks, desktops and servers. An established leader in security since 1994, ISS' integrated security platform automatically protects against both known and unknown threats, keeping networks up and running and shielding customers from online attacks before they impact business assets. ISS products and services are based on the proactive security intelligence of its X-Force(R) research and development team - the unequivocal world authority in vulnerability and threat research. ISS' product line is also complemented by comprehensive Managed Security Services. For more information, visit the Internet Security Systems Web site at www.iss.net or call 800-776-2362.

Internet Security Systems and Virtual Patch are trademarks and X-Force and Proventia are registered trademarks of Internet Security Systems, Inc. All other companies and products mentioned are trademarks and property of their respective owners.
COPYRIGHT 2006 Business Wire
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2006, Gale Group. All rights reserved. Gale Group is a Thomson Corporation Company.

 Reader Opinion

Title:

Comment:



 

Article Details
Printer friendly Cite/link Email Feedback
Publication:Business Wire
Article Type:Company overview
Geographic Code:1USA
Date:Jun 13, 2006
Words:638
Previous Article:GEICO Reviews Hurricane Season Safety Lessons.
Next Article:John Cutting Joins MBIA Asset Management.
Topics:



Related Articles
Nimda - how it works. (VIRUS NOTES).
2ND GLITCH REPORTED IN NET BROWSER : MICROSOFT PREPARING PATCH TO CORRECT BUG.(BUSINESS)
MICROSOFT POSTS REPAIR KIT TO REMEDY SECURITY FLAWS.(News)
CALIFORNIA LAWSUIT BLAMES MICROSOFT FOR WORMHOLES.
Microsoft plays down SP2 security glitches.(Security News and Products)(Brief Article)
Microsoft releases 10 security updates.(Security)(Brief Article)
Hackers target Microsoft's JPEG flaw.(Security)
Third busy patch month for Microsoft.(Security)
IBM Internet Security Systems shields customers from critical Microsoft vulnerabilities.(Security News and Products)
Security and products; ISS helps safeguard customers.(SOFTWARE WORLD DIGEST)

Terms of use | Copyright © 2009 Farlex, Inc. | Feedback | For webmasters | Submit articles