Critical Vulnerability Targets Windows Metafiles 
(07/05/2008)
SkyRecon Systems has announced that StormShield blocks against a known vulnerability CVE-2008-1083 recently identified by the research engineers at SkyRecon. The vulnerability affects the based versions of the Microsoft® Windows® 2000, XP, 2003 Server, Vista and 2008 server operating systems.
“The identification of this vulnerability comes from our in-depth analysis of GDI media files format,” said Thomas Garnier, Senior Research Engineer at SkyRecon Systems. “During our ongoing research on various Windows file formats we found a critical vulnerability which could be used to remotely exploit Windows when user interaction is incorporated. If the vulnerability is exploited, there is a potential for remote code execution."
SkyRecon's StormShield Unified Client Security Solution provides multi-layered security integrated into single-agent protection with real-time defenses designed to protect an organisation’s endpoints and the sensitive data that resides on them.
Upon identification of the GDI heap overflow vulnerability, engineers at SkyRecon confirmed that StormShield detects and blocks attacks targeting the Microsoft vulnerability without the need for patches or changes in configuration. As this is a remotely exploitable vulnerability, organisations that rely only on perimeter security technologies are vulnerable to attack. More information regarding the vulnerability and Microsoft Security Bulletin can be found at: Microsoft Security Bulletin MS08-021 – Critical Vulnerability
“Vulnerability research continues to be a critical component in designing generic, effective, and efficient layers of protection for both the system and confidential data,” said Yann Torrent, Director of Research and Development at SkyRecon Systems, Inc. “As this vulnerability leaves both workstations and servers at risk, SkyRecon Systems is pleased to inform businesses around the world that our unified endpoint protection solution secures their critical business endpoint systems, protecting them from compromise leveraging StormShield’s integrated buffer overflow protection.”
Related topics: Network Security Security threats and vulnerabilities
Print version | 
Email to a friend | 
Related articles
Other Security news and resources
IT Security white papers and research library
Access Control Authentication Data Management Data Security Digital Signatures Email Security Identity Management Internet Security Intrusion Prevention Network Security Remote access security Security Management Security Policies Security Software Security Threats Virus Detection Software Virus Protection VPN Vulnerability Assessment Wireless Security
Security books, guides, standards and toolkits
RFID and Smart Cards books, guides and reference documents Biometric books, guides and reference documents CCTV books, guides and reference documents Intruder alarms and intrusion detection systems books, guides and reference documents Monitoring and surveillance books, guides and reference documents IT Governance, ISO 27001 ISO 17799 and BS 7799 toolkits Fire, Health & Safety books, guides and reference documents
