SkyRecon Blocks New Windows Exploit

SkyRecon StormShield blocks Microsoft vulnerability that exploits passwords stored by Windows

January 8, 2008

1 Min Read
NetworkComputing logo in a gray background | NetworkComputing

SAN JOSE, Calif. -- SkyRecon Systems, the premier provider of unified endpoint security solutions, today announced that its flagship product StormShield blocks against a known vulnerability CVE-2007-5352 recently identified by the research engineers at SkyRecon. The vulnerability affects the 32-bit, 64-bit, and Itanium-based versions of the Microsoft® Windows® 2000, XP, and 2003 Server operating systems.

“This is the second vulnerability that our research team has identified and responsibly reported to Microsoft in the past couple months,” said Thomas Garnier, Senior Research Engineer at SkyRecon Systems. “During our ongoing research in the Windows LPC Interface, we found an important vulnerability which could be used to gain elevated privilege and then execute code in the LSASS process – a System account process which manages credentials in the Windows operating system. If the vulnerability is exploited, there is a potential for saved passwords to be accessed by users that did not originally possess the proper credentials to access this sensitive information."

SkyRecon's StormShield is the first in the industry to provide a single-agent solution with real-time defenses designed to protect an organization’s endpoints and the sensitive data that resides on them.

Upon identification of the LSASS vulnerability, engineers at SkyRecon confirmed that StormShield detects and blocks attacks targeting the Microsoft vulnerability without the need for patches or changes in configuration.

“Vulnerability research continues to be a critical component in designing generic, effective, and efficient layers of protection,” said Yann Torrent, Director of Research and Development at SkyRecon Systems, Inc. “As this vulnerability leaves workstations and terminal servers at most risk, SkyRecon Systems is pleased that our unified endpoint protection solution protects these critical business endpoint systems.”

SkyRecon Systems

SUBSCRIBE TO OUR NEWSLETTER
Stay informed! Sign up to get expert advice and insight delivered direct to your inbox

You May Also Like


More Insights