Güvenlik şirketi Finjan, Windows güvenlik güncellemesi Service Pack 2’de 10 adet açık tespit etti. Güvenlik şirketi, açıkların hacker’lara kullanıcının bilgisayarına sızma şansı verdiğini duyurdu.

Finjan, Microsoft’un açıklarla ilgili olarak bilgilendirdiğini ve yama için ortak çalışıldığını açıkladı. Şirket açıkların detaylarını belirtmezken, açıkları suistimal edecek saldırı tipleri ile ilgili ipuçları verdi.

Finjan’a göre açıklardan biri, dosya indirmelerinde SP2’nin otomatik olarak verdiği uyarıyı kaldırıyor. Böylece kullanıcı farkında olmadan virüslü bir dosya indirebiliyor.

İşte açıklamanın tam metni:

Press Release 165

SAN JOSE,CA , 11/10/2004  -- 

French

Finjan Software, the leading provider of proactive secure content management solutions for enterprises, announces today 10 serious security vulnerabilities discovered by Finjan’s Malicious Code Research Center (MCRC) in Windows® XP Service Pack 2 (SP2) operating system.

 

“The recently released Service Pack 2 of Microsoft® Windows® XP operating system offers certain features of security,” says Shlomo Touboul, CEO and Founder of Finjan Software.  “However, it suffers because it is still basically the same operating system and has some major flaws which compromise end-user security. By using Finjan’s proactive security solutions, based on our patented behavior blocking technology on top of SP2, users can enjoy a secure environment that protects them from such vulnerabilities”.

 

Finjan has provided Microsoft with full technical details concerning the vulnerabilities discovered by Finjan’s Malicious Code Research Center and has been assisting Microsoft to patch these holes. In order to prevent the creation of malicious viruses and worms, Finjan will not release any technical details about these vulnerabilities until they are fully patched by Microsoft.

 

"Windows® XP SP2 operating system is a continuation of the same Windows XP Operating System and Windows Kernel.  All Windows versions have been developed with requirements for highest backward compatibility and open architecture, with maximum productivity and ease of use.  In addition, Windows® applications typically run with administrative permission with full and unlimited access to computer resources", continues Shlomo Touboul. 

 

"This, together with the emerging technology of mobile code has created a situation in which active content travels freely over the web and gains full control of host computers. These fundamentals create a green field for hackers shown by constantly increasing attacks and damage over the last few years.  A security patch of Windows® operating system without changing the rules of the game will not be enough to fight the recent complex malicious code attacks such as Scob, Mydoom, and others.  End users and Enterprises must add an independent security layer that is not dependent on the above fundamentals.  Application level behavior blocking is the leading technology designed to immunize systems from both known and unknown vulnerabilities and exploits; viruses, worms, Trojans, spyware, phishing and other threats", concluded Mr. Touboul.

 

Notes to Editors

 

More details on the Vulnerabilities

By exploiting all vulnerabilities discovered in SP2 by Finjan, attackers can silently and remotely take over an SP2 machine when the user simply browses a web page. 

The following scenarios demonstrate some of the vulnerabilities discovered by Finjan in SP2:

·         Hackers can remotely access users' local files
Windows® XP SP2 is designed to deny access to a local file in the course of Internet browsing. Therefore, any attempt by a remote web page to access a local file in any way other than downloading a file, is denied.  Finjan has shown that this feature can be remotely compromised by hackers.

·         Hackers can switch between Internet Explorer Security Zones to obtain rights of local zone
Internet Explorer uses the notion of security zones to differentiate between mobile codes by their origin. In this way, for example, the permissions of files running from the local hard drive are much higher than the permissions of code downloaded from the Internet.  Finjan has shown that it is possible to elevate the privilege level of mobile code downloaded from the Internet. By gaining additional privileges, the remote code could read, write and execute files on the user’s hard drive.

·         Hackers can bypass SP2’s notification mechanism on the download and execution of EXE files and therefore download files without any warning or notification
One of the mechanisms that have been implemented in SP2 is the verification of the download and the execution of content arriving from the Internet. This mechanism is implemented by three new features – an information bar inside Internet Explorer which filters and blocks unauthorized operations performed by web pages, a file download dialog which requires the user’s confirmation for file save and execution operations, and an execution verification dialog. These features are important to prevent unauthorized silent “drive-by” installations of malicious software.

 

Finjan Customers Are Proactively Protected Against All These Threats

Finjan enterprise customers using the latest releases of Finjan’s Vital Security™ products, and Finjan’s small and medium sized customers using the recently released 1Box™ Series are proactively protected against these vulnerabilities, as well as against other, not yet discovered ones.

 

About the Finjan® Vital Security™ Product Suite

Vital Security™ for Enterprises

Vital Security™ for Web: Installed at the corporate gateway, Vital Security for Web leverages its patented proactive behavior blocking engine to close the Window-of-Vulnerability™ left open on the Web and is the only solution to also integrate best-of-breed solutions in traditional anti-virus scanning, content filtering and  Web filtering onto a single platform.

 

Vital Security™ for E-Mail:  Installed at the corporate gateway, Vital Security for E-Mail leverages its patented proactive behavior blocking engine to close the Window-of-Vulnerability™ left open in e-mail and is the only solution to also integrate best-of-breed solutions in traditional anti-virus scanning, anti-spam, content filtering, custom disclaimers, and document auditing with digital watermarking onto a single platform.

 

Vital Security™ for Clients: A centrally managed, proactive security solution for enterprise desktops, Vital Security for Clients closes the Window-of-Vulnerability™ and protects against new virus outbreaks and malicious mobile code attacks received through e-mail or the Web using its run-time monitoring “sandboxing” technique.

 

Vital Security™ for Documents: Enables companies to control the access, authorization and distribution of sensitive documents internally and externally. It allows trusted users to view critical business information and intellectual property unimpeded, while preventing those properties from being digitally distributed, electronically copied, or physically replicated.

 

Vital Security™ for SSL: Installed at the corporate gateway, Vital Security for SSL decrypts encrypted traffic in HTTPS/SSL to allow other security solutions such as Vital Security for Web, to scan the content for viruses, worms or malicious code.

 

Vital Security 1Box™ Series for Small and Medium-Sized Businesses

Internet 1Box™: Best and most comprehensive security solution for web and email at the gateway and desktop. This easy-to-use product combines Finjan’s patented application-level Behavior Blocking technology to provide day-zero protection against unknown or known attacks, integrated with best-of-breed anti-virus, URL filtering and anti-spam engines in a single box. Providing enterprise-level security at a price affordable for SMBs, Internet 1Box represents the best value for money.  It addresses the security worries allowing SMBs to focus on their business.

 

SSL 1Box™: Extends the Internet 1Box capability to protect against threats arriving via SSL/HTTPS encrypted content as well as enforcing SSL certificates according to the corporate policies. When implemented together with Internet 1Box these products deliver the best solution on the market capable of detecting a new unknown attack arriving via HTTPS/SSL, HTTP and FTP.

 

Documents 1Box™: Provides a secure environment for sharing documents within organizations and with partners or customers. Based on pre-defined corporate policies, it protects against unauthorized access, saving, copying, forwarding, printing, or even screen-capturing of confidential documents. It provides protection against unauthorized use of confidential documents, thus allowing SMBs to generate new revenue streams and additional business opportunities.  It is the only secured publishing solution available for the SMBs. 

About MCRC

Malicious Code Research Center (MCRC) is the leading research department at Finjan Software, dedicated to the research and detection of potential Internet and e-mail attacks. MCRC’s goal is to continue to be steps ahead of hackers attempting to exploit open platforms and technologies to develop next generation mobile malicious code, worms, Trojans, viruses and spyware. MCRC researchers also contribute to the development of next generation defense tools for Finjan’s proactive secure content management solutions.  For more information, visit http://www.finjan.com/mcrc/.  These specific vulnerabilities were discovered by Mr. Ivgi, Security Researcher, Finjan's MCRC department.

 

About Finjan
Finjan Software is the leading provider of proactive, behavior-based secure content management solutions, protecting more than 3 million users from attacks, globally.  Finjan surpasses the levels of defense typically offered by reactive anti-virus software solutions. Finjan uses its Vital Security™ platform to determine actual code behavior and blocks any action that violates predefined security policy. This superior technology enables Finjan to protect users proactively by responding to existing, and more importantly, yet to be developed attacks. Analyst firm IDC, recognizes Finjan as the leader in the worldwide malicious mobile code security market.  For more about Finjan Software and its proactive protection solutions against threats driven by mobile malicious code, please visit: www.finjan.com.

 

Copyright Ó 2004 Finjan Software, Inc., and/or its subsidiaries. All rights reserved.

Finjan, Finjan logo, Vital Security, 1Box, Internet 1Box, SSL 1Box, and Documents 1Box are trademarks or registered trademarks of Finjan Software, Inc., and/or its subsidiaries. Microsoft, Windows, Windows XP are either registered trademarks or trademarks of Microsoft Corporation. All other registered and unregistered trademarks in this document are the sole property of their respective owners. The Finjan Software products described in this document are protected by one or more of the following U.S. Patents: 6092194, 6167520, 6480962, 6209103, 6298446, and 6353892 and may be protected by other U.S. Patents, foreign patents, or pending applications.

 

 

Finjan Media Contact:

United Kingdom

Simona Cotta Ramusino / Blanaid Colley

The Global Consulting Group

+44 (0) 20 7221 4374

sramusino@hfgcg.com/

bcolleyb@hfgcg.com