Printer Friendly
The Free Library
4,539,844 articles and books
Member login
User name  
Password 
 
Join us Forgot password?

Security and products; ISS helps safeguard customers.


IBM recently announced its Internet Security Systems (ISS) X-Force research and development team is helping to protect customers from several critical vulnerabilities announced by Microsoft. The vulnerabilities include a flaw discovered by ISS X-Force in Microsoft's core antivirus engine, which is a default component of various Microsoft offerings such as Windows Live OneCare and Windows Defender, including Windows Defender for Vista.

This vulnerability allows an attacker to send a specially-crafted PDF file to users and trigger a heap overflow in the antivirus engine, resulting in remote code execution. Successful exploitation could grant an attacker system-level privileges. ISS customers have been protected from this flaw since January.

"ISS urges companies to swiftly remediate this vulnerability," said Pete Allor, director of intelligence for IBM Internet Security Systems. "ISS continues to work closely with Microsoft to provide Vista support for our customers."

ISS is also providing protection for three critical vulnerabilities in Internet Explorer covered by Microsoft bulletin MS07-016. The most important of these is an FTP client vulnerability that can be exploited by a malformed response from a malicious server. Since it is relatively simple for attackers to direct Web browsers to an FTP URL, X-Force advises companies to take this flaw seriously.

For the other two vulnerabilities, users of Internet Explorer 7 should be safe by default due to the ActiveX opt-in feature. X-Force believes this may provide encouragement for network administrators to migrate to the new browser, as ActiveX controls have been used frequently in exploits this year.

www.iss.com

COPYRIGHT 2007 A.P. Publications Ltd.
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2007, Gale Group. All rights reserved. Gale Group is a Thomson Corporation Company.

 Reader Opinion

Title:

Comment:



 

Article Details
Printer friendly Cite/link Email Feedback
Title Annotation:SOFTWARE WORLD DIGEST
Publication:Software World
Date:Mar 1, 2007
Words:251
Previous Article:Security and products; Webroot cautions online 'lovers'.(SOFTWARE WORLD DIGEST)
Next Article:Security and products; 80 percent of SMBs fear a threat.(SOFTWARE WORLD DIGEST)
Topics:



Related Articles
ISS Continues to Deliver Industry's Most Powerful and Comprehensive Solution for Identifying and Eliminating Security Risks.
ISS Launches Industry's First Enterprise Security Decision-Support Application.
DATABASE SCANNER MANAGES SECURITY OF MICROSOFT SERVERS.
INTERNET SECURITY SYSTEMS RELEASES 98 NEW SECURITY RISK DEFINITIONS.(Product Announcement)
INTEL AND VASCO FORM GLOBAL SECURITY ALLIANCE.(Company Business and Marketing)
Inflow Offers Enhanced Security Protection; Managed Firewall and Intrusion Protection Package Builds Defenses against Network Viruses, Hacking and...
ISS Vulnerability Disclosure Guidelines. (Security).(from Internet Security Systems)(Brief Article)
Software World Editorial Index 2003.(Software World--Intelligence)
Internet Security Systems Launches New Service To Protect Retail Organizations; Company's First Vertical Offering To Prevent Theft of Sensitive...
IBM to accuire Internet Security solutions.(IT News and Products)

Terms of use | Copyright © 2008 Farlex, Inc. | Feedback | For webmasters | Submit articles