AUSTIN, Tx. -- Winternals Software, a leading provider of Microsoft systems availability and protection solutions, today announced that its Protection Manager security solution could have prevented damage caused by the recently discovered Microsoft Word zero-day threat. Protection Manager offers more comprehensive capabilities than conventional antivirus blacklist products, which can only block known threats. Protection Manager provides an industry-unique combination of unauthorized application execution prevention, merged with a least privilege user environment.
The previously undocumented vulnerability in Microsoft Word has been exploited by malware designated the Backdoor.Ginwui Trojan, which affects Windows-based systems. Exploits such as this trojan are difficult to detect, because they represent a targeted attack on specific organizations, rather than a widespread attack. Targeted attacks can exist indefinitely before being discovered. Traditional antivirus products fail to protect against zero-day threats like this trojan because they operate by reactively detecting malicious code that has already been identified.
Other, as of yet unknown, malware may also be exploiting this Microsoft Word vulnerability during the lengthy window between the identification of the security hole and the distribution of an updated patch. This window creates a gap in enterprise security that can result in system downtime, lost data, and reduced productivity. In the case of the Backdoor.Ginwui exploit, and other undiscovered exploits of the same vulnerability, users must wait for Microsoft's next "Patch Tuesday". Updating virus definitions would not offer much protection because some exploits may remain undetected, especially attacks that target particular organizations rather than the Windows user community as a whole.
"The Microsoft Word vulnerability highlights the specific need for Protection Manager in today's enterprise security market," said Edwin Brasch, president and CEO of Winternals. "New malware attacks can inflict damage long before an effective patch can be deployed, but Protection Manager can block any application not specifically authorized to run, while granting both the minimum user and the application access rights needed to efficiently complete computing tasks."
Winternals Software LP
Microsoft Corp. (Nasdaq: MSFT)