NFR Security Protects Against New Zero-Day Microsoft Windows Vulnerability; Sentivist Badfiles Package Detects Zero-Day WMF Vulnerability.

ROCKVILLE, Md. -- NFR Security, Inc., the leader in Real-Time Threat Protection, today announced protection against a Zero-day exploit targeting the Windows Metafiles (WMF) format, released to the public on Tuesday, December 27, 2005. This exploit uses a bug in Microsoft's GDI Graphics Rendering Engine library that had not previously been disclosed to Microsoft. Multiple sources, including CERT and Microsoft, have confirmed this bug is now actively being exploited in the wild.

The Windows Metafile image format is a 16-bit metafile format which can contain both vector and bitmap information. Similar bugs with Windows Metafile parsing issues were detailed in Microsoft advisories MS05-053 and even as far back as MS04-032, however this is a different issue than either of those problems, and Windows customers who are patched for those vulnerabilities are still at risk.
Vulnerable versions of Windows include Windows 2000 SP4, Windows XP SP1+SP2, Windows XP Pro, most versions of Windows Server 2003, Windows 98 and Windows ME.

NFR Security's Rapid Response Team tested the released exploit against the current package set and confirmed that customers using NFR Security's Badfiles package version 23 (released November 30th, 2005 to address a large range of WMF/EMF file parsing issues, in conjunction with the Web, FTP, and SMTP packages) are already equipped with a very effective perimeter defense against this attack. Because of the centralized NFR Security badfiles architecture, protected customers will be able to effectively detect transmissions of this file over multiple protocols, without regard to filename extension, without any updates or configuration changes necessary. Customers using NFR's IPS will be able to halt transmission of the file without it ever entering their networks.

"It is imperative that we stay well ahead of the curve when it comes to dealing with Zero-day exploits," said Darrell Burkey, Director of Product Management for NFR Security. "These attacks can be highly damaging and our customers expect nothing less than immediate protection against them. Being able to deliver on this is yet another example of our world-class customer service."

Microsoft Technical Bulletin and FAQ: http://www.microsoft.com/technet/security/advisory/912840.mspx

About NFR Security, Inc.

NFR Security is the leading provider of Real-Time Threat Protection systems that secure business networks against the four primary threat points of today - automated malware, information leakage, vulnerability windows and unsanctioned network changes. Uniquely combining its hybrid detection engine and Dynamic Shielding Architecture(TM), NFR Security delivers highly accurate protection through inline prevention and automation against real time threats. NFR Security serves customers worldwide in corporate enterprises, government agencies, service providers and academic institutions through an extensive worldwide network of channel partners and direct sales. NFR Security is headquartered in Rockville, MD. Additional information about NFR Security can be found at www.nfr.com or by calling 1-800-234-4079.