
eEye Digital Security confirms new class of signature-less threat with discovery of critical security flaw for Windows

Johannesburg, 20 Jan 2006

SecureData, a member of the JSE-listed ERP.com Group and the southern African enterprise partner for eEye Digital Security, today announced the latter's recent discovery of a critical security vulnerability related to Microsoft Windows.

This flaw represents a rapidly growing class of client-side flaws that cannot be stopped by legacy security technologies and that allow an attacker to take complete control of an affected system and execute harmful actions remotely, including installing programs and viewing, changing or deleting data.

This vulnerability puts Internet users at risk when they visit a Web site that, unbeknown to the user, has a malicious font file embedded in the Web page. The unsuspecting user visiting the Web site is now exposed to attackers who could use this font file to run whatever commands they wish.

"This type of 'signature-less' vulnerability represents a quickly spreading class of security flaws that are widespread and extremely difficult to guard against using legacy security technologies such as anti-virus and network-based intrusion prevention tools," commented Marc Maiffret, eEye's co-founder and chief hacking officer. "Socially engineered flaws like this one and the recent 'WMF zero-day' can be among the most damaging to businesses because of the ease with which they allow attackers to gain access to a company's internal network and resources. This growing class of threat underscores the increasing need for enterprises to deploy Blink or other comprehensive, non-signature-based HIPS solutions. This is the only way an enterprise will be able to make itself zero-day immune."

In addition to legacy security technologies, attacks based on this flaw will also evade more recently introduced behaviour-based intrusion prevention systems that "learn" the correct behaviour of a system in order to detect attacks. More importantly, since this vulnerability has been socially engineered to fool a user into visiting a malicious Web site, it is likely that attackers will use this flaw to target specific institutions, masquerading as some type of official notification directing the user to a specific Web site.

The vulnerability exists in the default method used by Microsoft to decompress embedded OpenType fonts and affects all Windows operating systems, including legacy Windows NT, Windows 98 and Windows ME systems as well as Windows 2000, Windows XP and Windows 2003. Many additional products leverage this Microsoft component as well, including Internet Explorer and other third-party browsers, instant messaging clients and applications that load Web content directly. Any user that visits a Web site with the malicious file embedded within the text could allow an attacker to run code on the affected system.

eEye Digital Security customers using Retina, the company's award-winning network security scanner, can update their scanner to detect systems vulnerable to this issue and verify if this month's Microsoft patches are installed. Unlike signature-based solutions, such as anti-virus or behaviour-based solutions, current Blink customers aren't required to do anything to realise protection from this flaw, as no updates or policy changes are required.

Over the last five years, eEye has been recognised by industry experts as the pre-eminent organisation in the discovery of the most critical vulnerabilities in various platforms and applications, including the vulnerabilities subsequently leveraged by the Sasser, Witty, Code Red and Sapphire worms, as well as the Microsoft ASN vulnerability and hundreds of other important discoveries. This expertise gives eEye a distinct advantage in designing services and software solutions for the assessment, remediation and prevention of vulnerabilities and the attacks that leverage them.

As a service to the network security community, eEye's Research Team, headed by Maiffret, conducts a Vulnerability Expert Forum Web seminar during the second week of every month. These Vulnerability Expert Forums enable participants to stay current on the potential risks and remediation requirements, such as those announced today, by exploring the effect that high-risk vulnerabilities and exploits have on network environments and infrastructure.

Blink endpoint vulnerability prevention

Designed to be implemented on individual assets such as servers, PCs and laptops, Blink is the first endpoint product to combine multiple layers of security technologies to protect enterprises from zero-day attacks that leverage yet unknown vulnerabilities within enterprise networks.

This comprehensive security solution allows organisations to defer patching vulnerable machines until regularly scheduled maintenance cycles, thereby saving millions of dollars in business disruption and the associated IT resource drain caused by "panic" patching. Additionally, Blink eliminates the problem of so-called "socially engineered" security threats in which hackers trick individuals into downloading malware or otherwise making their own machines vulnerable to attack. As a result, Blink uniquely protects assets from vulnerabilities, as opposed to only thwarting attacks.

eEye's integrated family of vulnerability management solutions helps IT and security professionals confidently safeguard their valuable digital assets. Working in conjunction with popular tools such as firewalls and intrusion detection systems, eEye's product portfolio also includes Retina Network Security Scanner, REM Security Management Console, Iris Network Traffic Analyser and SecureIIS Web Server Protection.

For further information, please contact Willem Barnard at telephone +27 11 257 8600; fax +27 11 257 8699; e-mail willemb@securedata.co.za.

eEye Digital Security

eEye Digital Security is a leading developer of network security software, and the foremost contributor to security research and education. eEye's award-winning software products provide a complete vulnerability management solution that addresses the full lifecycle of security threats: before, during and after attacks.

eEye protects the networks and digital assets of more than 8 400 corporate and government deployments worldwide, including Avon, Citigroup, Continental Airlines, US Department of Defence, Dow Jones, Prudential, University of Miami, Viacom, Vodafone, Warner Music and Wyeth. Founded in 1998, eEye Digital Security is a privately held, venture-backed firm with headquarters in Orange County, California. For more information, please go to www.eEye.com.

SecureData

SecureData, an ERP.com company, is Africa's premier IT security solution provider. SecureData's solutions incorporate anti-virus and content security, network security, intrusion prevention software and network asset management.

SecureData's comprehensive "Managed Security Services" include design, audit, implementation, vulnerability assessment, outsourcing and hosting. SecureData distributes, sells and supports category leading IT security products to the public, corporate and SME sectors throughout Africa as well as products and services to the SOHO and consumer markets through partnerships with ISPs. As well as being the sole distributor in Sub-Saharan Africa for Trend Micro, SecureData is the African distributor for US-based TippingPoint Technologies and the southern African distributor for US-based Application Security, eEye, Rocket Software, RSA Security, St Bernard and Websense. For more information, visit SecureData at www.securedata.co.za.

ERP.com

ERP.com is a JSE-listed company focused on the implementation, integration and management of enterprise applications in an e-business environment. For more information, visit ERP.com at www.erpcom.co.za.

Editorial contacts

Paul Booth
Global Research Partners
(082) 568 1179
pabooth@mweb.co.za