Printer Friendly
The Free Library
5,668,249 articles and books
Member login
User name  
Password 
 
Join us Forgot password?

Sourcefire and iDEFENSE First to Deliver Detection for New Microsoft Vulnerabilities; Snort and Sourcefire Users Protected at Time of Vulnerability Announcement.


COLUMBIA, Md. & RESTON, Va. -- Sourcefire, Inc., the world leader in real-time network defense, and iDEFENSE, the global leader in cyber threat intelligence solutions, today announced that their customers are the first who can detect the new Microsoft Internet Explorer See Internet Explorer.  and Windows operating system operating system (OS)

Software that controls the operation of a computer, directs the input and output of data, keeps track of files, and controls the processing of computer programs.  vulnerabilities announced earlier today. Through collaboration with iDEFENSE, the Sourcefire Vulnerability Research Team (VRT VRT Vita Radio Transport (communications standard / protocol)
VRT Virus Removal Tools
VRT Vehicle Registration Tax
VRT Vehicle Reg Tax
VRT Voltage Reduction Technology (Intel Corp) ) received notice of these serious and remotely exploitable vulnerabilities.

Sourcefire and iDEFENSE customers received new rules for the Sourcefire 3D System in conjunction with Microsoft's public notification of the vulnerabilities, allowing them to immediately protect their networks and preempt pre·empt or pre-empt  
v. pre·empt·ed, pre·empt·ing, pre·empts

v.tr.
1. To appropriate, seize, or take for oneself before others. See Synonyms at appropriate.

2.
a.  possible exploits. In addition, new VRT Certified Rules were made available to Snort An open source network intrusion detection system (NIDS) that is noted for its effectiveness. Developed by Martin Roesch, Snort can also be used just as a packet logger or packet sniffer. For more information, visit www.snort.org. See IDS.  subscribers.

iDEFENSE has issued public advisories detailing the vulnerabilities. The cooperation between the two companies provided a fully integrated technology and intelligence solution that prevents hackers from compromising a customer's network.

"Understanding that threats continue to emerge, iDEFENSE is pleased to continue collaborating with vendors like Sourcefire, combining intelligence and technology, to provide our customers and the Snort community with the best possible defense" said Michael Sutton Michael Sutton (born June 18, 1970, Los Angeles, California) is an American actor who is best known for playing the HIV-positive Stone Cates on the long running daytime serial General Hospital. He was nominated for two Emmy Awards in 1995 and in 1996 for that role. , director of iDEFENSE's vulnerability research. "We continue to turn to Sourcefire because of its reputation for and the ability of its Vulnerability Research Team to create superior Snort rules in real time."

"Sourcefire is proud to team with leading threat intelligence companies like iDEFENSE to ensure that Sourcefire customers and Snort users have coverage in advance of actual threats," said Martin Roesch, Sourcefire CTO (Chief Technical Officer) The executive responsible for the technical direction of an organization. See CIO and salary survey.  and creator of Snort. "The combination of iDEFENSE with Sourcefire's Vulnerability Research Team not only provides users with immediate notification of vulnerabilities but real-time delivery of the world's leading detection and prevention rules."

Vulnerability Details

A flaw in the Microsoft Internet Explorer DHTML See Dynamic HTML.

DHTML - Dynamic HTML  Engine may allow an attacker to exploit a race condition and possibly execute code of their choosing on the victim host with the privileges of the user running Internet Explorer Microsoft's Web browser, which comes with Windows starting with Windows 98. Commonly called "IE," versions for Mac and Unix are also available. Internet Explorer is the most widely used Web browser on the market. It has also been the browser engine in AOL's Internet access software. . In addition, a programming error in Microsoft Internet Explorer may allow an attacker to execute code of their choosing on a vulnerable host. Finally, Microsoft Windows See Windows.

(operating system) Microsoft Windows - Microsoft's proprietary window system and user interface software released in 1985 to run on top of MS-DOS. Widely criticised for being too slow (hence "Windoze", "Microsloth Windows") on the machines available then.  has design errors that may enable an attacker to execute code of their choosing on a vulnerable system. Specifically, it is possible to execute code from seemingly non-executable objects. On average, iDEFENSE customers were informed of these vulnerabilities 145 days in advance of the public disclosure.

Further information about these vulnerabilities and how to obtain Sourcefire or Snort Rules are available at http://www.sourcefire.com/services/advisories/sa041205.html or http://www.snort.org/rules/.

iDEFENSE's detailed advisories on the Microsoft vulnerabilities can be found online at:

--Microsoft Internet Explorer DHTML Engine Race Condition - http://www.idefense.com/application/poi/display?id=228&type= vulnerabilities (Due to its length, this URL URL
 in full Uniform Resource Locator

Address of a resource on the Internet. The resource can be any type of file stored on a server, such as a Web page, a text file, a graphics file, or an application program.  may need to be copied/pasted into your Internet browser's address field. Remove the extra space if one exists.)

--Microsoft Windows Internet Explorer Long Hostname Heap Corruption Vulnerability - http://www.idefense.com/application/poi/display?id=229&type= vulnerabilities (Due to its length, this URL may need to be copied/pasted into your Internet browser's address field. Remove the extra space if one exists.)

--Microsoft MSHTA MSHTA Microsoft Html Application  Script Execution Vulnerability - http://www.idefense.com/application/poi/display?id=231&type= vulnerabilities (Due to its length, this URL may need to be copied/pasted into your Internet browser's address field. Remove the extra space if one exists.)

About the Sourcefire Vulnerability Research Team

The Sourcefire VRT is comprised of leading edge intrusion detection See IDS and IPS.  experts working to proactively discover, assess and respond to the latest trends in hacking activity, intrusion attempts and vulnerabilities. This team is also supported by the vast resources of the open source Snort community, making it the largest group dedicated to advances in network security.

About Sourcefire's 3D System

Sourcefire's 3D Approach - Discover, Determine, Defend - to securing real networks in real-time provides proactive defense-in-depth through an integrated process of discovering risks, vulnerabilities and threats; determining their business impact; and taking the appropriate action to defend the network. Sourcefire's 3D System, including Sourcefire Intrusion Sensors and Agents, Sourcefire RNA RNA: see nucleic acid.
RNA
 in full ribonucleic acid

One of the two main types of nucleic acid (the other being DNA), which functions in cellular protein synthesis in all living cells and replaces DNA as the carrier of genetic  Sensors and the Sourcefire Defense Center, provides companies with the most effective security possible.

The Sourcefire 3D System offers the most flexible and precise intrusion detection and network discovery technologies worldwide. Sourcefire Intrusion Sensors utilize the award-winning Snort rules-based detection engine, bringing the benefits of signature, protocol, and anomaly-based inspection methods to all varying network traffic speeds. In addition, Sourcefire RNA Sensors passively monitor a network to deliver highly detailed, real-time profiles of all network assets including their configuration, behavior, potential vulnerabilities and associated changes. By tightly integrating and correlating the threat information provided by Sourcefire Intrusion Sensors and Agents with the network intelligence provided by Sourcefire RNA Sensors, the Sourcefire Defense Center easily prioritizes the millions of security events to determine the most critical events to an organization's business and takes the appropriate actions. These actions follow the ABCs of Defense - Alert, Block, Correct - all in real-time to deliver the most effective security.

About iDEFENSE

iDEFENSE, based in Reston, Va., provides information security intelligence to the U.S. government and Global 2000 companies, including leaders in financial services The examples and perspective in this article or section may not represent a worldwide view of the subject.
Please [ improve this article] or discuss the issue on the talk page. , energy, transportation and telecommunications. The company provides customized, actionable, timely and relevant intelligence detailing potential threats, vulnerabilities and security issues directly to C-level executives, general counsels, auditors, senior security managers and staff, and system administrators. Further information is available at www.idefense.com or (703) 390-1230.

About Sourcefire

Sourcefire, Inc., the world leader in real-time network defense solutions, is transforming the way organizations manage and minimize network security risks with its 3D Approach - Discover, Determine, Defend - to securing real networks in real-time. The company's ground-breaking network defense system unifies intrusion and vulnerability management technologies to provide customers with the most effective network security available. Founded in 2001 by the creator of Snort, Sourcefire is headquartered in Columbia, MD and has received numerous accolades including being named a 2004 Company to Watch by Network Computing Storing and/or running applications in servers in a network. See cloud computing and network computer.  Magazine and selected as one of the Red Herring Red Herring

A preliminary registration statement that must be filed with the SEC describing a new issue of stock (IPO) and the prospects of the issuing company.

Notes:  Top 100 privately held companies privately held company

A firm whose shares are held within a relatively small circle of owners and are not traded publicly. . At work in leading Fortune 1000 and government agencies, the names Sourcefire and founder Martin Roesch have grown synonymous with innovation and intelligence in network security. For more information about Sourcefire, please visit www.sourcefire.com.
COPYRIGHT 2005 Business Wire
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2005, Gale Group. All rights reserved. Gale Group is a Thomson Corporation Company.

 Reader Opinion

Title:

Comment:



 

Article Details
Printer friendly Cite/link Email Feedback
Publication:Business Wire
Geographic Code:1USA
Date:Apr 12, 2005
Words:1033
Previous Article:Capital Hill Announces Major Increase in Chiqueritos Land Position.
Next Article:Rimage Corporation First Quarter Earnings Conference Call Scheduled for April 20th.
Topics:



Related Articles
Nebulas joins Sourcefire's UK partner programme.(Security News and Products)(Brief Article)
Sourcefire Provides Coverage Ahead of Threat for Microsoft Denial of Service; Sourcefire's Focus on Vulnerabilities Protects Customers and Snort(R)...
Sourcefire Provides Coverage in Advance of Latest Microsoft Internet Explorer Threat; Sourcefire Vulnerability Research Team Continues to Deliver...
Sourcefire Awards Two Scholarships Recognizing the Use of Snort(R) as an Educational Tool; As the Leading IPS Teaching Tool, Snort Enables Next...
Sourcefire Vulnerability Research Team Discovers OSSP shiela Vulnerability; Sourcefire Vulnerability Research Team Continues to Deliver Coverage...
Sourcefire(R) Launches Free Security Tool to Protect Microsoft Office Applications.
Sourcefire Identifies Microsoft Outlook Vulnerability.
Sourcefire(R) Delivers Protection 2 Years in Advance of Latest Microsoft Animated Cursor Vulnerability.
Sourcefire(R) Launches Enterprise Threat Management Strategy.
Sourcefire(R) Delivers Protection for Critical Microsoft Vulnerabilities.

Terms of use | Copyright © 2009 Farlex, Inc. | Feedback | For webmasters | Submit articles