ISS Protects Microsoft

IBM's ISS X-Force R&Db team is helping to protect customers from several critical vulnerabilities announced by Microsoft

February 14, 2007

2 Min Read
Network Computing logo

ARMONK, N.Y. -- IBM (NYSE: IBM) today announced its Internet Security Systems (ISS) X-Force® research and development team is helping to protect customers from several critical vulnerabilities announced by Microsoft. The vulnerabilities include a flaw discovered by IBM X-Force in Microsoft’s core antivirus engine, which is a default component of various Microsoft offerings such as Windows Live OneCare and Windows Defender, including Windows Defender for Vista.

This vulnerability allows an attacker to send a specially-crafted PDF file to users and trigger a heap overflow in the antivirus engine, resulting in remote code execution. Successful exploitation could grant an attacker system-level privileges. IBM ISS customers have been protected from this flaw since January.

“IBM ISS urges companies to swiftly remediate this vulnerability,” said Pete Allor, director of intelligence for IBM Internet Security Systems. “IBM ISS continues to work closely with Microsoft to provide Vista support for our customers.”

IBM ISS is also providing protection for three critical vulnerabilities in Internet Explorer covered by Microsoft bulletin MS07-016. The most important of these is an FTP client vulnerability that can be exploited by a malformed response from a malicious server. Since it is relatively simple for attackers to direct Web browsers to an FTP URL, X-Force advises companies to take this flaw seriously.

For the other two vulnerabilities, users of Internet Explorer 7 should be safe by default due to the ActiveX opt-in feature. X-Force believes this may provide encouragement for network administrators to migrate to the new browser, as ActiveX controls have been used frequently in exploits this year.

Through a combination of cutting-edge research, extensive industry collaboration and a preemptive technology platform designed to stop entire classes of threats without the need for continuous signature updates, IBM ISS keeps customers a step ahead of constantly evolving Internet threats.

IBM Corp. (NYSE: IBM)

SUBSCRIBE TO OUR NEWSLETTER
Stay informed! Sign up to get expert advice and insight delivered direct to your inbox
Sign-Up

You May Also Like

More Insights
Webinars
More Webinars
Reports
More Reports

Editor's Choice

Nextgen network management
Network Management
Nextgen Network Management: What’s Next and Are We Ready?Nextgen Network Management: What’s Next and Are We Ready?
byMary E. Shacklett, President, Transworld Data
May 27, 2024
4 Min Read
SASE Explained: Definition, Benefits, and Best Practice
SASE Networking
SASE Explained: Definition, Benefits, and Best PracticeSASE Explained: Definition, Benefits, and Best Practice
bySalvatore Salamone, Managing Editor, Network Computing
May 1, 2023
22 Min Read
NaaS 2024: A Look at the Future of Network Services
Network Infrastructure
NaaS 2024: A Look at the Future of Network ServicesNaaS 2024: A Look at the Future of Network Services
byPascal Menezes, MEF
Mar 22, 2024
5 Min Read
Webinars
More Webinars
White Papers
More White Papers
Reports
More Reports
Live Events
More Live Events
May 2, 2024
While there are plentiful options in cyber resiliency and business continuity tools and platforms, there isn’t one that can knock out everything from sudden cloud outages to prolonged ransomware attacks in a single punch. What can you do to keep the company on its feet no matter what is thrown at it? Find out in this new virtual event.
Reserve Your Seat