Security and products; ISS helps safeguard customers.IBM (International Business Machines Corporation, Armonk, NY, www.ibm.com) The world's largest computer company. IBM's product lines include the S/390 mainframes (zSeries), AS/400 midrange business systems (iSeries), RS/6000 workstations and servers (pSeries), Intel-based servers (xSeries) recently announced its Internet Security Systems (ISS ISS See Institutional Shareholder Services (ISS). ) X-Force research and development team is helping to protect customers from several critical vulnerabilities announced by Microsoft. The vulnerabilities include a flaw discovered by ISS X-Force in Microsoft's core antivirus engine, which is a default component of various Microsoft offerings such as Windows Live OneCare and Windows Defender, including Windows Defender for Vista. This vulnerability allows an attacker to send a specially-crafted PDF file to users and trigger a heap overflow in the antivirus engine, resulting in remote code execution. Successful exploitation could grant an attacker system-level privileges. ISS customers have been protected from this flaw since January. "ISS urges companies to swiftly remediate this vulnerability," said Pete Allor, director of intelligence for IBM Internet Security Systems IBM Internet Security Systems is a security software provider which was founded in 1994 as Internet Security Systems, and is often known simply as ISS or ISSX (after its former NASDAQ ticker symbol). The company was acquired by IBM in 2006. . "ISS continues to work closely with Microsoft to provide Vista support for our customers." ISS is also providing protection for three critical vulnerabilities in Internet Explorer covered by Microsoft bulletin MS07-016. The most important of these is an FTP FTP in full file transfer protocol Internet protocol that allows a computer to send files to or receive files from another computer. Like many Internet resources, FTP works by means of a client-server architecture; the user runs client software to connect to client vulnerability that can be exploited by a malformed malĀ·formed adj. Abnormally or faultily formed. response from a malicious server. Since it is relatively simple for attackers to direct Web browsers to an FTP URL URL in full Uniform Resource Locator Address of a resource on the Internet. The resource can be any type of file stored on a server, such as a Web page, a text file, a graphics file, or an application program. , X-Force advises companies to take this flaw seriously. For the other two vulnerabilities, users of Internet Explorer 7 should be safe by default due to the ActiveX opt-in feature. X-Force believes this may provide encouragement for network administrators to migrate to the new browser, as ActiveX controls have been used frequently in exploits this year. www.iss.com |
|
||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion