eEye Digital Security Discovers Two New Critical Security Flaws for Windows; Microsoft To Issue One Patch During November Update to Correct Similar Metafile Overflow Vulnerabilities Discovered by Security Leader eEye.

ALISO VIEJO, Calif. -- eEye Digital Security(R), a leading developer of network security and vulnerability management software solutions, as well as the industry's foremost contributor to security research and education, today announced details for two new critical vulnerabilities related to Microsoft (NASDAQ:MSFT) Windows(R). If not immediately resolved, these security flaws can be detected and exploited remotely with the potential to cause serious damage, allowing an attacker to take complete control of an affected system and execute harmful action remotely, including installing programs, viewing, changing, or deleting data, and creating new accounts with full privileges.

Both flaws involve metafile overflows and affect the Windows 2000 Operating System, which is currently found in a large percentage of business systems running Windows today. The critical discoveries also affect Windows Server 2003, Windows NT 4.0 and Windows XP machines. Microsoft will resolve both vulnerabilities with one patch during its November update. Those organizations that are utilizing eEye's Retina(R) Network Security Scanner can immediately scan for affected systems. Organizations that have deployed the Blink(R) Endpoint Intrusion Prevention System have been protected against these vulnerabilities since their discovery several months ago and can postpone patching to regularly-scheduled maintenance cycles.

"Given the enormous installed base of the affected programs in this month's patch, it's imperative that network administrators continue to scan their networks to identify vulnerable systems and take corrective action," said Marc Maiffret, eEye's co-founder and chief hacking officer. "Attacks exploiting vulnerabilities like these are costing enterprises millions of dollars annually in lost productivity and business disruption, particularly when non-scheduled patching is required. We continue to encourage enterprises to upgrade operating systems or deploy non-signature-based intrusion prevention systems in an effort to move back to regular patch-cycle maintenance."

The first remotely exploitable security vulnerability is a graphics rendering issue that exists in Enhanced Metafile (EMF) and Windows Metafile (WMF) extensions within default installations across Windows 2000, Windows NT 4.0 and Windows Server 2003 platforms. The flaw was reported March 29--more than 200 days ago--and has been marked with a "high" severity rating by Microsoft, as it allows malicious code to be executed with minimal user interaction through commonly used media, such as HTML, email, a link to a web page or instant messenger. Specifically, it contains integer overflow flaws in the way the Windows Graphical Device Interface (GDI) processes EMF and WMF images that can lead to exploitable overflows through a number of specifically crafted metafile structures, allowing an attacker to execute code on an affected system at a user privilege level.

The other critical discovery is very similar, a high-risk heap overflow in WMF that was also discovered by eEye and will only be 68 days old when patched. It affects Windows 2000, Windows NT 4.0, Windows XP and Windows Server 2003 machines. The flaw also uses the code in GDI32.DLL that allows arbitrary code execution as a user attempts to view a malicious image. Similarly, an attacker who successfully exploits this vulnerability could take complete control of an affected system.

eEye Digital Security, a leading contributor to network security research, regularly identifies vulnerabilities and provides specific advisories on how enterprises can secure them. While Microsoft is addressing only two vulnerabilities with this month's patch update, eEye's upcoming advisories' page continues to list six other discovered flaws related to Microsoft platforms, including five that are considered high risk, as they can be remotely exploited. The oldest vulnerability in that list was discovered and reported 187 days ago. For more information about upcoming advisories, please visit http://www.eeye.com/ctrack.asp?ref=uvml.

Today's announcement marks the second and third vulnerabilities discovered by eEye's research team to be patched in the past week, following a similar notification by Macromedia Flash Player on Friday, November 4, 2005.
The high-risk memory access flaw affected Macromedia Flash 6 and 7 on all Windows platforms and was remediated 130 days after its discovery in June. The vulnerability will allow an attacker to run arbitrary code via the SWF file as a logged-in user. Additionally, two more eEye-discovered critical flaws for the RealNetworks media player are expected to be patched by RealNetworks on Thursday.

About eEye's Security Research Team

Over the last five years, eEye has been recognized by industry experts as the preeminent organization in the discovery of the most critical vulnerabilities in various platforms and applications, including the vulnerabilities subsequently leveraged by the Sasser, Witty, Code Red and Sapphire worms, as well as the Microsoft ASN vulnerability and hundreds of other important discoveries. This expertise gives eEye a distinct advantage in designing services and software solutions for the assessment, remediation and prevention of vulnerabilities and the attacks that leverage them.

As a service to the network security community, eEye's Research Team--headed by Marc Maiffret, eEye's co-founder and chief hacking officer--conducts a Vulnerability Expert Forum web seminar during the second week of every month. These Vulnerability Expert Forums enable participants to stay current on the potential risks and remediation requirements, such as those announced today, by exploring the effect that high-risk vulnerabilities and exploits have on network environments and infrastructures. To register for the November Vulnerability Expert Forum, please visit http://www.eeye.com/html/company/events.

eEye's integrated family of vulnerability management solutions helps IT and security professionals confidently safeguard their valuable digital assets. Working in conjunction with popular tools such as firewalls and intrusion detection systems, eEye's products include: Retina Network Security Scanner, REM(TM) Security Management Console, Iris(R) Network Traffic Analyzer, SecureIIS(TM) Web Server Protection, and Blink Endpoint Intrusion Prevention System.

About eEye Digital Security

eEye Digital Security is a leading developer of network security software, and the foremost contributor to security research and education. eEye's award-winning software products provide a complete vulnerability management solution that addresses the full lifecycle of security threats: before, during and after attacks. eEye's customers, Citigroup and US Department of Defense, represent the largest deployments of vulnerability assessment and prevention technology in the private and public sector. eEye protects the networks and digital assets of more than 8,400 corporate and government deployments worldwide, including Avon, Continental Airlines, Dow Jones, Prudential, University of Miami, Viacom, Vodafone, Warner Music and Wyeth. Founded in 1998, eEye Digital Security is a privately held, venture-backed firm with headquarters in Orange County, California. For more information, please visit www.eEye.com.

All trademarks contained within this press release are the sole property of their respective owners and are hereby acknowledged.