home
 











Attacks & vulnerabilities
Finjan Identifies Important Vulnerability in Windows Vista’s Contact Gadget, Leading to a Security Update Issued by Microsoft  
August 2007   

Finjan Inc. announced that a new Windows Vista security update released by Microsoft as part of its monthly security update resulted from security research by Finjan’s Malicious Code Research Center (MCRC). The discovery of the vulnerability by Finjan’s Malicious Code Research Center (MCRC) and Finjan’s prompt action to alert Microsoft reflect the commitment of the two companies to work together to counter security threats posed by malicious hacker attacks to PC and Internet users.

More about this vulnerability can be found in Microsoft’s Security Bulletin , http://www.microsoft.com/technet/security/current.aspx

The vulnerability associated with Windows Vista’s Contact gadget could potentially lead to remote code execution on the Vista platform. An attacker could exploit the vulnerability with minimal user interaction with the Contact gadget that is available in Windows Vista.

Finjan has made a short video showing the exploit in action, http://www.finjan.com/MCRCblog.aspx, available on its web site. Finjan recently presented findings related to the entire field of Widgets and Gadgets, and the implications for vendors using them, in the recent DefCon event held in Las-Vegas during the beginning of August.

Finjan provided Microsoft with full technical details, including proof-of-concept, concerning this vulnerability and worked with Microsoft until a fix was ready to be released to customers. “This discovery is the latest example of the close cooperation between our Malicious Code Research Center and Microsoft with the goal of securing users from potential malicious attacks,” said Finjan CTO Yuval Ben-Itzhak. “Security is an industry problem and this type of collaboration and cooperation is critical to helping protect people using the Internet.”

Ben-Itzhak noted that Finjan’s patented real-time content inspection technology has demonstrated a solid track record in protecting Windows users against web exploits. Finjan’s Vital Security™ Web appliances are free from the recent false positive problems associated with several anti-malware products as discussed in :
http://www.theregister.co.uk/2007/08/03/64bitvista_av_tests/

-----------------------------------------------

About MCRC

Malicious Code Research Center (MCRC) is the leading research department at Finjan, dedicated to the research and detection of security vulnerabilities in Internet applications, as well as other popular programs. MCRC’s goal is to stay steps ahead of hackers attempting to exploit open platforms and technologies to develop malicious code such as Spyware, Trojans, Phishing attacks, worms and viruses. MCRC shares its research efforts with many of the world’s leading software vendors to help patch their security holes. MCRC is a driving force behind the development of next generation security technologies used in Finjan’s proactive web security solutions. For more information, visit our MCRC website.

August 2007  
comment



Google











 
ADMIN ::: site web et template SPIP ::: Oxymium :::         
IT security solution(s), IT security , anti virus, IT security protection, virus, job offer/employment , network security news, network security , IT security magazine, virus alert, special report on IT security/IT security feature, IT security project, biometry, telecom network security, spyware security/spyware protection, trojan information, trojan, IT intrusion, spam, email security, anti-spam software, firewall security/firewall protection, firewall, telecom security, hackers/cyber criminals, trojan horse, storage, SAN, FNA?, IT backup