Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

Critical vulnerabilities discovered by Palo Alto Networks closed out by MS

Palo Alto Networks : 14 October, 2009  (Technical Article)
Microsoft has included fixes for three critical vulnerabilities which had been discovered by Palo Alto Networks in this weeks patch update
Palo Alto Networks has announced that its Threat Research Team discovered three vulnerabilities, two of which are rated as "critical," that Microsoft has published in its Patch Tuesday security bulletin today. Vulnerable systems are susceptible to an attacker taking complete control of them.

Microsoft credits Palo Alto Networks' Threat Research Team for identifying the following three vulnerabilities published today. All threats allow a successful attacker to execute code remotely, and take complete control of the vulnerable system.

* WMP Heap Overflow Vulnerability (Critical; MS09-052, CVE-2009-2527). An attacker could exploit the vulnerability by constructing a specially crafted ASF file that could allow remote code execution when played using Windows Media Player 6.4.

* GDI+ WMF Integer Overflow Vulnerability (Critical; MS09-062, CVE-2009-2500). The vulnerability could allow remote code execution if a user opens a specially crafted WMF image file or browses to a Web site that contains specially crafted content.


* Memory Corruption in Indexing Service Vulnerability (Important; MS09-057, CVE-2009-2507). The vulnerability could allow remote code execution if an attacker set up a malicious Web page that invokes the Indexing Service through a call to its ActiveX component.

The Palo Alto Networks Threat Research Team is active in the research community, aggressively pursuing both new vulnerability research and mitigation of all types of threats. Leveraging its expert understanding of today's applications, threats and how vulnerabilities get exploited, the team is a consistent contributor in support of Microsoft's Patch Tuesday releases, including discovering six Microsoft vulnerabilities in the past six months.

Enterprises using legacy security technology increasingly lack visibility into and control of application traffic. Palo Alto Networks' next-generation firewalls are unique in the industry in their ability to see and control applications, users and content - not just ports, IP addresses and packets. Traditional port-blocking firewalls do not have the content intelligence to identify application vulnerabilities such as these, which attackers could exploit to take complete control of affected systems.

Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo