Sourcefire Provides Coverage in Advance of Latest Microsoft Internet Explorer Threat; Sourcefire Vulnerability Research Team Continues to Deliver Coverage Ahead Threats.COLUMBIA, Md. -- Sourcefire, Inc., the creators of Snort An open source network intrusion detection system (NIDS) that is noted for its effectiveness. Developed by Martin Roesch, Snort can also be used just as a packet logger or packet sniffer. For more information, visit www.snort.org. See IDS. (R) and the world leader in intrusion prevention See IPS and IDS. , today announced that its customers and Snort users already have coverage in place for the recently released proof of concept exploit code attacking a vulnerability in Microsoft Internet Explorer See Internet Explorer. , which impacts users of Windows 2000 SP4 and Windows XP The previous client version of Windows. XP was a major upgrade to the client version of Windows 2000 with numerous changes to the user interface. XP improved support for gaming, digital photography, instant messaging, wireless networking and sharing connections to the Internet. SP2. The Sourcefire(TM) Vulnerability Research Team (VRT VRT Vita Radio Transport (communications standard / protocol) VRT Virus Removal Tools VRT Vehicle Registration Tax VRT Vehicle Reg Tax VRT Voltage Reduction Technology (Intel Corp) ) quickly determined that rules released on November 9, 2005, written to detect attempts to exploit a well-known Microsoft vulnerability, provided the necessary coverage to detect and prevent this new attack on customers' networks. The VRT is chartered with researching new vulnerabilities and creating methods for detecting and preventing attempts to exploit them. The team utilizes advanced protocol modeling to write rules that detect potential attacks against the underlying vulnerabilities used by many worms and malicious scripts as their attack vectors. In this case, Sourcefire 3D System and Snort users were provided with an analysis of the vulnerability and confirmation that rules released earlier this month would detect or prevent it. "As zero-day attacks become more prevalent, customers need to know that their security solutions are backed by a research team that proactively works to ensure the best protection possible," said Martin Roesch, Sourcefire CTO (Chief Technical Officer) The executive responsible for the technical direction of an organization. See CIO and salary survey. and creator of Snort. "The Sourcefire VRT continues to lead the industry in delivering protection against the latest threats, so that in many cases the Snort community and Sourcefire users are protected before an exploit is released." Vulnerability Details A vulnerability exists in the way Microsoft Internet Explorer handles the window() function supplied to the javascript "onload on·load v. on·load·ed, on·load·ing, on·loads v.tr. To load (a vehicle or container). v.intr. To load a vehicle or container. " handler as a parameter. The conditions for exploitation occur when a page is opened in the browser that uses <body onload=window();>. According to according to prep. 1. As stated or indicated by; on the authority of: according to historians. 2. In keeping with: according to instructions. 3. reports the vulnerability could allow remote, arbitrary code execution, yielding full system access with the privileges of the underlying user. Further information about this vulnerability and how to obtain Snort Rules is available at http://www.snort.org/rules/advisories/vrt-rules-2005-11-22.html. About the Sourcefire Vulnerability Research Team The Sourcefire VRT is comprised of leading edge intrusion prevention experts working to proactively discover, assess and respond to the latest trends in hacking activity, intrusion attempts and vulnerabilities. This team is also supported by the vast resources of the open source Snort community, making it the largest group dedicated to advances in network security. About Sourcefire Sourcefire, Inc., the world leader in intrusion prevention, is transforming the way organizations manage and minimize network security risks with its 3D Approach - Discover, Determine, Defend - to securing real networks in real-time. The company's ground-breaking network defense system unifies intrusion and vulnerability management technologies to provide customers with the most effective network security available. Founded in 2001 by the creator of Snort, Sourcefire is headquartered in Columbia, MD and has received numerous accolades including being named the Frost & Sullivan 2005 Network Security Infrastructure Protection Company of the Year. At work in leading Fortune 1000 and government agencies, the names Sourcefire and founder Martin Roesch have grown synonymous with innovation and intelligence in network security. Sourcefire announced on October 6, 2005 that it signed a definitive agreement to be acquired by Check Point Software Technologies Ltd. (Nasdaq:CHKP CHKP Check Point Software Technologies Ltd. (stock abbreviation, AMEX) ), for a total consideration of approximately $225 million. The acquisition is subject to closing conditions including the Hart-Scott-Rodino Antitrust Improvements Act The Hart-Scott-Rodino Antitrust Improvements Act of 1976 (Public Law 94-435, known commonly as the HSR Act) is a set of amendments to the antitrust laws of the United States, principally the Clayton Antitrust Act. The HSR Act was signed into law by President Gerald R. of 1976 ("HSR HSR homogeneously staining regions. ") and Exxon-Florio Act of 1988 and is expected to close by Q106 shortly after receiving regulatory approvals. For more information about Sourcefire, please visit www.sourcefire.com. |
|
||||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion