Sourcefire customers protected from latest vulnerabilities announced by Microsoft through proactive code enhancement
Open source innovator and SNORTcreator, Sourcefire has announced that the Sourcefire Vulnerability Research Team (VRT) has delivered rules to protect Sourcefire customers and Snort users from the four Microsoft vulnerabilities disclosed today. These vulnerabilities impact Microsoft Windows and Microsoft SQL Server. “As we enter the second half of 2008, attacks and vulnerabilities are only continuing to increase in number and magnitude,” said Matt Watchinski, Director of the Sourcefire Vulnerability Research Team. “Now more than ever, organisations need to take a proactive stance and partner with their security providers to plug holes, address weaknesses and stop the current onslaught of threats. Sourcefire takes the protection of our customers very seriously, and we continually work with them to ensure that their assets are protected from theft or unauthorized access.” Following Microsoft’s disclosure earlier today, the Sourcefire VRT created, tested and delivered Snort rules designed to detect attacks targeting the Microsoft vulnerabilities listed below. These new rules are included in the latest Sourcefire Security Enhancement Update (SEU) released today. − Microsoft Security Bulletin MS08-037 – Important vulnerabilities in the Windows Domain Name System (DNS) could allow spoofing. These vulnerabilities exist in both the DNS client and DNS server and could allow a remote attacker to redirect network traffic intended for systems on the Internet to the attacker’s own systems. − Microsoft Security Bulletin MS08-038 – Important vulnerability in Windows Explorer could allow remote code execution when a specially crafted saved-search file is opened and saved. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. − Microsoft Security Bulletin MS08-039 – Important vulnerabilities in Outlook Web Access (OWA) for Microsoft Exchange Server could allow an attacker who successfully exploited these vulnerabilities to gain access to an individual OWA client’s session data, allowing elevation of privilege. The attacker could then perform any action the user could perform from within the individual client’s OWA session. − Microsoft Security Bulletin MS08-40 – Important Microsoft Windows and Microsoft SQL Server vulnerabilities could allow an attacker to run code and to take complete control of an affected system. An authenticated attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights.
|
